npm - @sphereon/ssi-sdk.oid4vci-holder - Versions diffs - 0.36.1-feature.SSISDK.82.and.SSISDK.70.35 → 0.36.1-feature.SSISDK.89.metadata.persistence.103 - Mend

@sphereon/ssi-sdk.oid4vci-holder 0.36.1-feature.SSISDK.82.and.SSISDK.70.35 → 0.36.1-feature.SSISDK.89.metadata.persistence.103

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.cjs +3 -0
package/dist/index.cjs.map +1 -1
package/dist/index.js +3 -0
package/dist/index.js.map +1 -1
package/package.json +24 -24
package/src/agent/OID4VCIHolder.ts +2 -1

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/localization/translations/en.json","../src/localization/translations/nl.json","../src/index.ts","../src/agent/OID4VCIHolder.ts","../src/machines/oid4vciMachine.ts","../src/localization/Localization.ts","../src/types/IOID4VCIHolder.ts","../src/types/FirstPartyMachine.ts","../src/services/OID4VCIHolderService.ts","../src/machines/firstPartyMachine.ts","../src/services/FirstPartyMachineServices.ts","../src/mappers/OIDC4VCIBrandingMapper.ts","../src/listeners/headlessStateNavListener.ts","../src/link-handler/index.ts"],"sourcesContent":["{\n \"oid4vci_machine_verify_credentials_error_title\": \"Verify credentials\",\n \"oid4vci_machine_store_credential_branding_error_title\": \"Store credential branding\",\n \"oid4vci_machine_store_credential_error_title\": \"Store credential\",\n \"oid4vci_machine_add_contact_identity_error_title\": \"Add contact identity\",\n \"oid4vci_machine_retrieve_credentials_error_title\": \"Retrieve credentials\",\n \"oid4vci_machine_retrieve_issuer_branding_error_title\": \"Retrieve issuer branding\",\n \"oid4vci_machine_store_issuer_branding_error_title\": \"Store issuer branding\",\n \"oid4vci_machine_retrieve_contact_error_title\": \"Retrieve contact\",\n \"oid4vci_machine_credential_selection_error_title\": \"Credential selection\",\n \"oid4vci_machine_initiation_error_title\": \"Initiate OID4VCI provider\",\n \"oid4vci_machine_credential_verification_failed_message\": \"The credential verification resulted in an error.\",\n \"oid4vci_machine_credential_verification_schema_failed_message\": \"The credential schema verification resulted in an error.\",\n \"oid4vci_machine_retrieve_federation_trust_error_title\": \"Retrieve federation trust\",\n \"oid4vci_machine_first_party_error_title\": \"First party flow\",\n \"oid4vci_machine_send_authorization_challenge_request_error_title\": \"Sending authorization challenge request\",\n \"oid4vci_machine_create_config_error_title\": \"Creating siopV2 config\",\n \"oid4vci_machine_get_request_error_title\": \"Getting siopV2 request\"\n}\n","{\n \"oid4vci_machine_verify_credentials_error_title\": \"Verifiëren credential\",\n \"oid4vci_machine_store_credential_branding_error_title\": \"Opslaan credential branding\",\n \"oid4vci_machine_store_credential_error_title\": \"Opslaan credential\",\n \"oid4vci_machine_add_contact_identity_error_title\": \"Toevoegen identiteit contact\",\n \"oid4vci_machine_retrieve_credentials_error_title\": \"Ophalen credential\",\n \"oid4vci_machine_retrieve_issuer_branding_error_title\": \"Ophalen issuer branding\",\n \"oid4vci_machine_store_issuer_branding_error_title\": \"Opslaan issuer branding\",\n \"oid4vci_machine_retrieve_contact_error_title\": \"Ophalen contact\",\n \"oid4vci_machine_credential_selection_error_title\": \"Credential selectie\",\n \"oid4vci_machine_initiation_error_title\": \"Initiëren OID4VCI provider\",\n \"oid4vci_machine_credential_verification_failed_message\": \"Verificatie van de credential leidde tot een fout.\",\n \"oid4vci_machine_retrieve_federation_trust_error_title\": \"Ophalen federatievertrouwen\",\n \"oid4vci_machine_first_party_error_title\": \"Eerste partijstroom\",\n \"oid4vci_machine_send_authorization_challenge_request_error_title\": \"Versturen autorisatie-uitdaging aanvraag\",\n \"oid4vci_machine_create_config_error_title\": \"SiopV2-configuratie aanmaken\",\n \"oid4vci_machine_get_request_error_title\": \"SiopV2-verzoek ophalen\"\n}\n","/*\n @public\n /\n\nexport { OID4VCIHolder, oid4vciHolderContextMethods, signCallback } from './agent/OID4VCIHolder'\nexport from './mappers/OIDC4VCIBrandingMapper'\nexport * from './services/OID4VCIHolderService'\nexport * from './services/FirstPartyMachineServices'\nexport * from './types/IOID4VCIHolder'\nexport * from './types/FirstPartyMachine'\nexport * from './listeners/headlessStateNavListener'\nexport * from './link-handler'\n","import { CredentialOfferClient, MetadataClient, OpenID4VCIClient, OpenID4VCIClientV1_0_15 } from '@sphereon/oid4vci-client'\nimport {\n AuthorizationDetailsV1_0_15,\n AuthorizationRequestOpts,\n AuthorizationServerClientOpts,\n AuthorizationServerOpts,\n CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15,\n CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15,\n CredentialOfferRequestWithBaseUrl,\n DefaultURISchemes,\n EndpointMetadataResult,\n getTypesFromObject,\n Jwt,\n NotificationRequest,\n ProofOfPossessionCallbacks,\n} from '@sphereon/oid4vci-common'\nimport { SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n IIdentifierResolution,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierJwkResult,\n isManagedIdentifierKidResult,\n isManagedIdentifierResult,\n isManagedIdentifierX5cOpts,\n isManagedIdentifierX5cResult,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService, JwsHeader } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n ConnectionType,\n CorrelationIdentifierType,\n CredentialCorrelationType,\n ensureRawDocument,\n FindPartyArgs,\n IBasicCredentialLocaleBranding,\n IBasicIssuerLocaleBranding,\n Identity,\n IdentityOrigin,\n IIssuerLocaleBranding,\n NonPersistedIdentity,\n Party,\n} from '@sphereon/ssi-sdk.data-store-types'\nimport {\n CredentialMapper,\n type CredentialProofFormat,\n CredentialRole,\n HasherSync,\n IVerifiableCredential,\n JoseSignatureAlgorithm,\n JoseSignatureAlgorithmString,\n JwtDecodedVerifiableCredential,\n Loggers,\n parseDid,\n SdJwtDecodedVerifiableCredentialPayload,\n WrappedW3CVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport {\n CredentialPayload,\n IAgentContext,\n IAgentPlugin,\n IDIDManager,\n IKeyManager,\n IResolver,\n VerifiableCredential,\n W3CVerifiableCredential,\n} from '@veramo/core'\nimport { asArray, computeEntryHash } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { decodeJWT } from 'did-jwt'\nimport { v4 as uuidv4 } from 'uuid'\nimport { OID4VCIMachine } from '../machines/oid4vciMachine'\nimport {\n extractCredentialFromResponse,\n getBasicIssuerLocaleBranding,\n getCredentialBranding,\n getCredentialConfigsSupportedMerged,\n getIdentifierOpts,\n getIssuanceOpts,\n mapCredentialToAccept,\n selectCredentialLocaleBranding,\n startFirstPartApplicationMachine,\n verifyCredentialToAccept,\n} from '../services/OID4VCIHolderService'\nimport {\n AddContactIdentityArgs,\n AssertValidCredentialsArgs,\n Attribute,\n CreateCredentialsToSelectFromArgs,\n CredentialToAccept,\n CredentialToSelectFromResult,\n GetContactArgs,\n GetCredentialArgs,\n GetCredentialsArgs,\n GetFederationTrustArgs,\n GetIssuerBrandingArgs,\n GetIssuerMetadataArgs,\n IOID4VCIHolder,\n IssuanceOpts,\n MappedCredentialToAccept,\n OID4VCIHolderEvent,\n OID4VCIHolderOptions,\n OID4VCIMachine as OID4VCIMachineId,\n OID4VCIMachineInstanceOpts,\n OID4VCIMachineServiceDefinitions,\n OID4VCIMachineServices,\n OnContactIdentityCreatedArgs,\n OnCredentialStoredArgs,\n OnIdentifierCreatedArgs,\n PrepareAuthorizationRequestArgs,\n PrepareAuthorizationResult,\n PrepareStartArgs,\n RequestType,\n RequiredContext,\n SendNotificationArgs,\n StartFirstPartApplicationMachine,\n StartResult,\n StoreCredentialBrandingArgs,\n StoreCredentialsArgs,\n StoreIssuerBrandingArgs,\n VerificationResult,\n VerifyEBSICredentialIssuerArgs,\n VerifyEBSICredentialIssuerResult,\n WalletType,\n} from '../types/IOID4VCIHolder'\n\n/*\n {@inheritDoc IOID4VCIHolder}\n /\n\n// Exposing the methods here for any REST implementation\nexport const oid4vciHolderContextMethods: Array<string> = [\n 'cmGetContacts',\n 'cmGetContact',\n 'cmAddContact',\n 'cmAddIdentity',\n 'ibCredentialLocaleBrandingFrom',\n 'ibAddCredentialBranding',\n 'dataStoreSaveVerifiableCredential',\n 'didManagerFind',\n 'didManagerGet',\n 'keyManagerSign',\n 'verifyCredential',\n]\n\nconst logger = Loggers.DEFAULT.get('sphereon:oid4vci:holder')\n\nexport function signCallback(\n identifier: ManagedIdentifierOptsOrResult,\n context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>,\n nonce?: string,\n) {\n return async (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => {\n let resolution = await context.agent.identifierManagedGet(identifier)\n const jwk = jwt.header.jwk ?? (resolution.method === 'jwk' ? resolution.jwk : undefined)\n if (!resolution.issuer && !jwt.payload.iss) {\n return Promise.reject(Error(`No issuer could be determined from the JWT ${JSON.stringify(jwt)} or identifier resolution`))\n }\n const header = jwt.header as JwsHeader\n const payload = jwt.payload\n if (nonce) {\n payload.nonce = nonce\n }\n if (jwk && header.kid) {\n console.log(\n `Deleting kid, as we are using a jwk and the oid4vci spec does not allow both to be present (which is not the case in the JOSE spec)`,\n )\n delete header.kid // The OID4VCI spec does not allow a JWK with kid present although the JWS spec does\n }\n return (\n await context.agent.jwtCreateJwsCompactSignature({\n issuer: { ...resolution, noIssPayloadUpdate: noIssPayloadUpdate ?? false },\n protectedHeader: header,\n payload,\n })\n ).jwt\n }\n}\n\nexport async function verifyEBSICredentialIssuer(args: VerifyEBSICredentialIssuerArgs): Promise<VerifyEBSICredentialIssuerResult> {\n const { wrappedVc, issuerType = ['TI'] } = args\n\n const issuer =\n wrappedVc.decoded?.iss ??\n (typeof wrappedVc.decoded?.vc?.issuer === 'string' ? wrappedVc.decoded?.vc?.issuer : wrappedVc.decoded?.vc?.issuer?.existingInstanceId)\n\n if (!issuer) {\n throw Error('The issuer of the VC is required to be present')\n }\n\n const url = `https://api-conformance.ebsi.eu/trusted-issuers-registry/v4/issuers/${issuer}`\n const response = await fetch(url)\n if (response.status !== 200) {\n throw Error('The issuer of the VC cannot be trusted')\n }\n\n const payload = (await response.json()) as VerifyEBSICredentialIssuerResult\n\n if (!payload.attributes.some((a: Attribute) => issuerType.includes(a.issuerType))) {\n throw Error(`The issuer type is required to be one of: ${issuerType.join(', ')}`)\n }\n\n return payload\n}\n\nexport class OID4VCIHolder implements IAgentPlugin {\n private readonly hasher?: HasherSync\n readonly eventTypes: Array<OID4VCIHolderEvent> = [\n OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED,\n OID4VCIHolderEvent.CREDENTIAL_STORED,\n OID4VCIHolderEvent.IDENTIFIER_CREATED,\n ]\n\n readonly methods: IOID4VCIHolder = {\n oid4vciHolderStart: this.oid4vciHolderStart.bind(this),\n oid4vciHolderGetIssuerMetadata: this.oid4vciHolderGetIssuerMetadata.bind(this),\n oid4vciHolderGetMachineInterpreter: this.oid4vciHolderGetMachineInterpreter.bind(this),\n oid4vciHolderPrepareAuthorizationRequest: this.oid4vciHolderPrepareAuthorizationRequest.bind(this),\n oid4vciHolderCreateCredentialsToSelectFrom: this.oid4vciHolderCreateCredentialsToSelectFrom.bind(this),\n oid4vciHolderGetContact: this.oid4vciHolderGetContact.bind(this),\n oid4vciHolderGetCredentials: this.oid4vciHolderGetCredentials.bind(this),\n oid4vciHolderGetCredential: this.oid4vciHolderGetCredential.bind(this),\n oid4vciHolderAddContactIdentity: this.oid4vciHolderAddContactIdentity.bind(this),\n oid4vciHolderAssertValidCredentials: this.oid4vciHolderAssertValidCredentials.bind(this),\n oid4vciHolderStoreCredentialBranding: this.oid4vciHolderStoreCredentialBranding.bind(this),\n oid4vciHolderStoreCredentials: this.oid4vciHolderStoreCredentials.bind(this),\n oid4vciHolderSendNotification: this.oid4vciHolderSendNotification.bind(this),\n oid4vciHolderGetIssuerBranding: this.oid4vciHolderGetIssuerBranding.bind(this),\n oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this),\n }\n\n private readonly vcFormatPreferences: Array<string> = ['dc+sd-jwt', 'vc+sd-jwt', 'mso_mdoc', 'jwt_vc_json', 'jwt_vc', 'ldp_vc'] // TODO see SSISDK-52 concerning vc+sd-jwt\n private readonly jsonldCryptographicSuitePreferences: Array<string> = [\n 'Ed25519Signature2018',\n 'EcdsaSecp256k1Signature2019',\n 'Ed25519Signature2020',\n 'JsonWebSignature2020',\n // \"JcsEd25519Signature2020\"\n ]\n private readonly didMethodPreferences: Array<SupportedDidMethodEnum> = [\n SupportedDidMethodEnum.DID_JWK, // FIXME prefer JWK until we devise a method to detect when to use EBSI/jcs for did:key and when not\n SupportedDidMethodEnum.DID_KEY,\n SupportedDidMethodEnum.DID_OYD,\n SupportedDidMethodEnum.DID_EBSI,\n SupportedDidMethodEnum.DID_ION,\n ]\n private readonly jwtCryptographicSuitePreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString> = [\n JoseSignatureAlgorithm.ES256,\n JoseSignatureAlgorithm.ES256K,\n JoseSignatureAlgorithm.EdDSA,\n ]\n private static readonly DEFAULT_MOBILE_REDIRECT_URI = `${DefaultURISchemes.CREDENTIAL_OFFER}://`\n private readonly defaultAuthorizationRequestOpts: AuthorizationRequestOpts = { redirectUri: OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI }\n private readonly onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>\n private readonly onCredentialStored?: (args: OnCredentialStoredArgs) => Promise<void>\n private readonly onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>\n private readonly onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>\n\n constructor(options?: OID4VCIHolderOptions) {\n const {\n onContactIdentityCreated,\n onCredentialStored,\n onIdentifierCreated,\n onVerifyEBSICredentialIssuer,\n vcFormatPreferences,\n jsonldCryptographicSuitePreferences,\n didMethodPreferences,\n jwtCryptographicSuitePreferences,\n defaultAuthorizationRequestOptions,\n hasher = defaultHasher,\n } = { ...options }\n\n this.hasher = hasher\n if (vcFormatPreferences !== undefined && vcFormatPreferences.length > 0) {\n this.vcFormatPreferences = vcFormatPreferences\n }\n if (jsonldCryptographicSuitePreferences !== undefined && jsonldCryptographicSuitePreferences.length > 0) {\n this.jsonldCryptographicSuitePreferences = jsonldCryptographicSuitePreferences\n }\n if (didMethodPreferences !== undefined && didMethodPreferences.length > 0) {\n this.didMethodPreferences = didMethodPreferences\n }\n if (jwtCryptographicSuitePreferences !== undefined && jwtCryptographicSuitePreferences.length > 0) {\n this.jwtCryptographicSuitePreferences = jwtCryptographicSuitePreferences\n }\n if (defaultAuthorizationRequestOptions) {\n this.defaultAuthorizationRequestOpts = defaultAuthorizationRequestOptions\n }\n this.onContactIdentityCreated = onContactIdentityCreated\n this.onCredentialStored = onCredentialStored\n this.onIdentifierCreated = onIdentifierCreated\n this.onVerifyEBSICredentialIssuer = onVerifyEBSICredentialIssuer\n }\n\n public async onEvent(event: any, context: RequiredContext): Promise<void> {\n switch (event.type) {\n case OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED:\n this.onContactIdentityCreated?.(event.data)\n break\n case OID4VCIHolderEvent.CREDENTIAL_STORED:\n this.onCredentialStored?.(event.data)\n break\n case OID4VCIHolderEvent.IDENTIFIER_CREATED:\n this.onIdentifierCreated?.(event.data)\n break\n default:\n return Promise.reject(Error(`Event type ${event.type} not supported`))\n }\n }\n\n /\n FIXME: This method can only be used locally. Creating the interpreter should be local to where the agent is running\n /\n private async oid4vciHolderGetMachineInterpreter(opts: OID4VCIMachineInstanceOpts, context: RequiredContext): Promise<OID4VCIMachineId> {\n const authorizationRequestOpts = { ...this.defaultAuthorizationRequestOpts, ...opts.authorizationRequestOpts }\n const services: OID4VCIMachineServiceDefinitions = {\n [OID4VCIMachineServices.start]: (args: PrepareStartArgs) =>\n this.oid4vciHolderStart(\n {\n ...args,\n authorizationRequestOpts,\n },\n context,\n ),\n [OID4VCIMachineServices.startFirstPartApplicationFlow]: (args: StartFirstPartApplicationMachine) =>\n startFirstPartApplicationMachine({ ...args, stateNavigationListener: opts.firstPartyStateNavigationListener }, context),\n [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args: CreateCredentialsToSelectFromArgs) =>\n this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),\n [OID4VCIMachineServices.prepareAuthorizationRequest]: (args: PrepareAuthorizationRequestArgs) =>\n this.oid4vciHolderPrepareAuthorizationRequest(args, context),\n [OID4VCIMachineServices.getContact]: (args: GetContactArgs) => this.oid4vciHolderGetContact(args, context),\n [OID4VCIMachineServices.getCredentials]: (args: GetCredentialsArgs) =>\n this.oid4vciHolderGetCredentials({ accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts, ...args }, context),\n [OID4VCIMachineServices.addContactIdentity]: (args: AddContactIdentityArgs) => this.oid4vciHolderAddContactIdentity(args, context),\n [OID4VCIMachineServices.getIssuerBranding]: (args: GetIssuerBrandingArgs) => this.oid4vciHolderGetIssuerBranding(args, context),\n [OID4VCIMachineServices.storeIssuerBranding]: (args: StoreIssuerBrandingArgs) => this.oid4vciHolderStoreIssuerBranding(args, context),\n [OID4VCIMachineServices.assertValidCredentials]: (args: AssertValidCredentialsArgs) => this.oid4vciHolderAssertValidCredentials(args, context),\n [OID4VCIMachineServices.storeCredentialBranding]: (args: StoreCredentialBrandingArgs) =>\n this.oid4vciHolderStoreCredentialBranding(args, context),\n [OID4VCIMachineServices.storeCredentials]: (args: StoreCredentialsArgs) => this.oid4vciHolderStoreCredentials(args, context),\n [OID4VCIMachineServices.sendNotification]: (args: SendNotificationArgs) => this.oid4vciHolderSendNotification(args, context),\n [OID4VCIMachineServices.getFederationTrust]: (args: GetFederationTrustArgs) => this.getFederationTrust(args, context),\n }\n\n const oid4vciMachineInstanceArgs: OID4VCIMachineInstanceOpts = {\n ...opts,\n authorizationRequestOpts,\n services: {\n ...services,\n ...opts.services,\n },\n }\n\n const { interpreter } = await OID4VCIMachine.newInstance(oid4vciMachineInstanceArgs, context)\n\n return {\n interpreter,\n }\n }\n\n /\n This method is run before the machine starts! So there is no concept of the state machine context or states yet\n \n The result of this method can be directly passed into the start method of the state machine\n * @param args\n * @param context\n * @private\n /\n private async oid4vciHolderStart(args: PrepareStartArgs, context: RequiredContext): Promise<StartResult> {\n const { requestData } = args\n if (!requestData) {\n throw Error(`Cannot start the OID4VCI holder flow without request data being provided`)\n }\n const { uri = undefined } = requestData\n if (!uri) {\n return Promise.reject(Error('Missing request URI in context'))\n }\n\n const authorizationRequestOpts = { ...this.defaultAuthorizationRequestOpts, ...args.authorizationRequestOpts } satisfies AuthorizationRequestOpts\n // TODO: Previously we filtered the details first against our vcformat prefs. However auth details does not have the notion of formats anymore\n authorizationRequestOpts.authorizationDetails = authorizationRequestOpts?.authorizationDetails\n ? asArray(authorizationRequestOpts.authorizationDetails)\n : undefined\n\n if (!authorizationRequestOpts.redirectUri) {\n authorizationRequestOpts.redirectUri = OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI\n }\n if (authorizationRequestOpts.redirectUri.startsWith('http') && !authorizationRequestOpts.clientId) {\n // At least set a default for a web based wallet.\n // TODO: We really need (dynamic) client registration support\n authorizationRequestOpts.clientId = authorizationRequestOpts.redirectUri\n }\n\n // TODO: This entire filter and formats population should not work anymore, as the auth details no longer have the format property.\n let formats: string[] = this.vcFormatPreferences\n const authFormats = authorizationRequestOpts?.authorizationDetails\n ?.map((detail: AuthorizationDetailsV1_0_15) => (typeof detail === 'object' && 'format' in detail && detail.format ? detail.format : undefined))\n .filter((format) => !!format)\n .map((format) => format as string)\n if (authFormats && authFormats.length > 0) {\n formats = Array.from(new Set(authFormats))\n }\n let oid4vciClient: OpenID4VCIClientV1_0_15\n let offer: CredentialOfferRequestWithBaseUrl \| undefined\n if (requestData.existingClientState) {\n oid4vciClient = await OpenID4VCIClientV1_0_15.fromState({ state: requestData.existingClientState })\n offer = oid4vciClient.credentialOffer\n } else {\n offer = requestData.credentialOffer\n if (\n uri.startsWith(RequestType.OPENID_INITIATE_ISSUANCE) \|\|\n uri.startsWith(RequestType.OPENID_CREDENTIAL_OFFER) \|\|\n uri.match(/https?:\\/\\/.credential_offer(_uri)=?./)\n ) {\n if (!offer) {\n // Let's make sure to convert the URI to offer, as it matches the regexes. Normally this should already have happened at this point though\n offer = await CredentialOfferClient.fromURI(uri)\n }\n } else {\n if (!!offer) {\n logger.warning(`Non default URI used for credential offer: ${uri}`)\n }\n }\n\n if (!offer) {\n // else no offer, meaning we have an issuer URL\n logger.log(`Issuer url received (no credential offer): ${uri}`)\n oid4vciClient = await OpenID4VCIClientV1_0_15.fromCredentialIssuer({\n credentialIssuer: uri,\n authorizationRequest: authorizationRequestOpts,\n clientId: authorizationRequestOpts.clientId,\n createAuthorizationRequestURL: false, // requestData.createAuthorizationRequestURL ?? true,\n })\n } else {\n logger.log(`Credential offer received: ${uri}`)\n oid4vciClient = await OpenID4VCIClientV1_0_15.fromURI({\n uri,\n authorizationRequest: authorizationRequestOpts,\n clientId: authorizationRequestOpts.clientId,\n createAuthorizationRequestURL: false, // requestData.createAuthorizationRequestURL ?? true,\n })\n }\n }\n\n let configurationIds: Array<string> = []\n if (offer) {\n configurationIds = offer.original_credential_offer.credential_configuration_ids\n } else {\n configurationIds = asArray(authorizationRequestOpts.authorizationDetails)\n // .filter((authDetails): authDetails is Exclude<AuthorizationDetailsV1_0_15, string> => typeof authDetails !== 'string')\n .map((authReqOpts) => authReqOpts.credential_configuration_id)\n .filter((id): id is string => !!id)\n }\n\n const credentialsSupported = await getCredentialConfigsSupportedMerged({\n client: oid4vciClient,\n vcFormatPreferences: formats,\n configurationIds,\n })\n\n const serverMetadata = await oid4vciClient.retrieveServerMetadata()\n const credentialBranding = await getCredentialBranding({ credentialsSupported, context })\n const oid4vciClientState = JSON.parse(await oid4vciClient.exportState())\n\n return {\n credentialBranding,\n credentialsSupported,\n serverMetadata,\n oid4vciClientState,\n }\n }\n\n private async oid4vciHolderPrepareAuthorizationRequest(\n args: PrepareAuthorizationRequestArgs,\n context: RequiredContext,\n ): Promise<PrepareAuthorizationResult> {\n const { openID4VCIClientState, contact } = args\n if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n }\n\n const clientId = contact?.identities\n .map((identity) => {\n const connectionConfig = identity.connection?.config\n if (connectionConfig && 'clientId' in connectionConfig) {\n return connectionConfig.clientId\n }\n return undefined\n })\n .find((clientId) => clientId)\n\n if (!clientId) {\n return Promise.reject(Error(`Missing client id in contact's connectionConfig`))\n }\n const client = await OpenID4VCIClientV1_0_15.fromState({ state: openID4VCIClientState })\n const authorizationCodeURL = await client.createAuthorizationRequestUrl({\n authorizationRequest: {\n clientId: clientId,\n } satisfies AuthorizationRequestOpts,\n })\n if (authorizationCodeURL) {\n logger.log(`authorization code URL ${authorizationCodeURL}`)\n }\n return {\n authorizationCodeURL,\n // Needed, because the above createAuthorizationRequestUrl manipulates the state, adding pkce opts to the state\n oid4vciClientState: JSON.parse(await client.exportState())\n }\n }\n\n private async oid4vciHolderCreateCredentialsToSelectFrom(\n args: CreateCredentialsToSelectFromArgs,\n context: RequiredContext,\n ): Promise<Array<CredentialToSelectFromResult>> {\n const { credentialBranding, locale, selectedCredentials /, openID4VCIClientState/, credentialsSupported } = args\n\n // const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState! }) // TODO see if we need the check openID4VCIClientState defined\n /const credentialsSupported = await getCredentialConfigsSupportedBySingleTypeOrId({\n client,\n vcFormatPreferences: this.vcFormatPreferences,\n })/\n logger.info(`Credentials supported ${Object.keys(credentialsSupported).join(', ')}`)\n\n const credentialSelection: Array<CredentialToSelectFromResult> = await Promise.all(\n Object.entries(credentialsSupported).map(async ([id, credentialConfigSupported]): Promise<CredentialToSelectFromResult> => {\n // FIXME this allows for duplicate VerifiableCredential, which the user has no idea which ones those are and we also have a branding map with unique keys, so some branding will not match\n // const defaultCredentialType = 'VerifiableCredential'\n\n const credentialTypes = getTypesFromObject(credentialConfigSupported)\n // const credentialType = id /?? credentialTypes?.find((type) => type !== defaultCredentialType) ?? defaultCredentialType/\n const localeBranding = !credentialBranding\n ? undefined\n : (credentialBranding?.[id] ??\n Object.entries(credentialBranding)\n .find(([type, _brandings]) => {\n credentialTypes && type in credentialTypes\n })\n ?.map(([type, supported]) => supported))\n const credentialAlias = (\n await selectCredentialLocaleBranding({\n locale,\n localeBranding,\n })\n )?.alias\n\n return {\n id: uuidv4(),\n credentialId: id,\n credentialTypes: credentialTypes ?? asArray(id),\n credentialAlias: credentialAlias ?? id,\n isSelected: false,\n }\n }),\n )\n\n // TODO find better place to do this, would be nice if the machine does this?\n if (credentialSelection.length >= 1) {\n credentialSelection.map((sel) => selectedCredentials.push(sel.credentialId))\n }\n logger.log(`Credential selection ${JSON.stringify(credentialSelection)}`)\n\n return credentialSelection\n }\n\n private async oid4vciHolderGetContact(args: GetContactArgs, context: RequiredContext): Promise<Party \| undefined> {\n const { serverMetadata } = args\n\n if (serverMetadata === undefined) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n const names: Set<string> = new Set(\n serverMetadata.credentialIssuerMetadata?.display\n ?.map((display) => display.name)\n .filter((name) => name != undefined)\n .map((name) => name as string) ?? [],\n )\n const name = names.size > 0 ? Array.from(names)[0] : undefined\n\n const correlationId: string = new URL(serverMetadata.issuer).hostname\n\n const filter: FindPartyArgs = [\n {\n identities: {\n identifier: {\n correlationId,\n },\n },\n },\n ]\n\n if (name) {\n filter.push({\n contact: {\n legalName: name,\n },\n })\n filter.push({\n contact: {\n displayName: name,\n },\n })\n }\n\n const parties: Array<Party> = await context.agent.cmGetContacts({\n filter,\n })\n\n if (parties.length > 1) {\n logger.warning(`Get contacts returned more than one result: ${parties.length}, ${parties.map((party) => party.contact.displayName).join(',')}`)\n }\n const party = parties.length >= 1 ? parties[0] : undefined\n\n logger.log(`Party involved: `, party)\n return party\n }\n\n private async oid4vciHolderGetCredentials(args: GetCredentialsArgs, context: RequiredContext): Promise<Array<MappedCredentialToAccept>> {\n const { verificationCode, openID4VCIClientState, didMethodPreferences, issuanceOpt, accessTokenOpts, walletType } = args\n logger.debug(`Getting credentials`, issuanceOpt, accessTokenOpts)\n\n if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n }\n\n const client = await OpenID4VCIClientV1_0_15.fromState({ state: openID4VCIClientState })\n const credentialsSupported = await getCredentialConfigsSupportedMerged({\n client,\n vcFormatPreferences: this.vcFormatPreferences,\n configurationIds: args.selectedCredentials,\n })\n const serverMetadata = await client.retrieveServerMetadata()\n const issuanceOpts = await getIssuanceOpts({\n client,\n credentialsSupported,\n serverMetadata,\n context,\n didMethodPreferences: this.selectDidMethodPreferences(didMethodPreferences, walletType),\n jwtCryptographicSuitePreferences: this.jwtCryptographicSuitePreferences,\n jsonldCryptographicSuitePreferences: this.jsonldCryptographicSuitePreferences,\n ...(issuanceOpt && { forceIssuanceOpt: issuanceOpt }),\n })\n\n const getCredentials = issuanceOpts.map(\n async (issuanceOpt: IssuanceOpts): Promise<MappedCredentialToAccept> =>\n await this.oid4vciHolderGetCredential(\n {\n issuanceOpt,\n pin: verificationCode,\n client,\n accessTokenOpts,\n },\n context,\n ),\n )\n\n const allCredentials = await Promise.all(getCredentials)\n logger.log(`Credentials received`, allCredentials)\n\n return allCredentials\n }\n\n private selectDidMethodPreferences(didMethodPreferences: Array<SupportedDidMethodEnum> \| undefined, walletType: WalletType) {\n const supportedDidMethodEnums =\n Array.isArray(didMethodPreferences) && didMethodPreferences.length > 0 ? didMethodPreferences : this.didMethodPreferences\n if (walletType === 'ORGANIZATIONAL') {\n return [SupportedDidMethodEnum.DID_WEB, ...supportedDidMethodEnums]\n }\n return supportedDidMethodEnums\n }\n\n private async oid4vciHolderGetCredential(args: GetCredentialArgs, context: RequiredContext): Promise<MappedCredentialToAccept> {\n const { issuanceOpt, pin, client, accessTokenOpts } = args\n logger.info(`Getting credential`, issuanceOpt)\n\n if (!issuanceOpt) {\n return Promise.reject(Error(`Cannot get credential issuance options`))\n }\n\n const identifier = await getIdentifierOpts({ issuanceOpt, context })\n issuanceOpt.identifier = identifier\n logger.info(`ID opts`, identifier)\n const alg: JoseSignatureAlgorithm \| JoseSignatureAlgorithmString = await signatureAlgorithmFromKey({ key: identifier.key })\n // The VCI lib either expects a jwk or a kid\n const jwk = isManagedIdentifierJwkResult(identifier) ? identifier.jwk : undefined\n\n const callbacks: ProofOfPossessionCallbacks = {\n signCallback: signCallback(identifier, context),\n }\n\n try {\n // We need to make sure we have acquired the access token\n if (!client.clientId) {\n client.clientId = isManagedIdentifierDidResult(identifier) ? identifier.did : identifier.issuer\n }\n let asOpts: AuthorizationServerOpts \| undefined = undefined\n let kid = accessTokenOpts?.clientOpts?.kid ?? identifier.kid\n if (accessTokenOpts?.clientOpts) {\n const clientId = accessTokenOpts.clientOpts.clientId ?? client.clientId ?? identifier.issuer\n if (client.isEBSI() && clientId?.startsWith('http') && kid?.includes('#')) {\n kid = kid.split('#')[1]\n }\n\n //todo: investigate if the jwk should be used here as well if present\n const clientOpts: AuthorizationServerClientOpts = {\n ...accessTokenOpts.clientOpts,\n clientId,\n kid,\n // @ts-ignore\n alg: accessTokenOpts.clientOpts.alg ?? alg,\n signCallbacks: accessTokenOpts.clientOpts.signCallbacks ?? callbacks,\n }\n asOpts = {\n clientOpts,\n }\n }\n\n await client.acquireAccessToken({\n clientId: client.clientId,\n pin,\n authorizationResponse: JSON.parse(await client.exportState()).authorizationCodeResponse,\n additionalRequestParams: accessTokenOpts?.additionalRequestParams,\n ...(asOpts && { asOpts }),\n })\n\n // FIXME: This type mapping is wrong. It should use credential_identifier in case the access token response has authorization details\n const types = getTypesFromObject(issuanceOpt)\n const id: string \| undefined = 'id' in issuanceOpt && issuanceOpt.id ? (issuanceOpt.id as string) : undefined\n const credentialTypes = asArray(issuanceOpt.credentialConfigurationId ?? types ?? id)\n if (!credentialTypes \|\| credentialTypes.length === 0) {\n return Promise.reject(Error('cannot determine credential id to request'))\n }\n\n const credentialDefinition = this.getCredentialDefinition(issuanceOpt)\n const credentialResponse = await client.acquireCredentials({\n ...(credentialDefinition && { context: credentialDefinition['@context'] }),\n credentialTypes,\n proofCallbacks: callbacks,\n format: issuanceOpt.format,\n // TODO: We need to update the machine and add notifications support for actual deferred credentials instead of just waiting/retrying\n deferredCredentialAwait: true,\n ...(!jwk && { kid }), // vci client either wants a jwk or kid. If we have used the jwk method do not provide the kid\n jwk,\n alg,\n jti: uuidv4(),\n })\n\n const credential = {\n id: issuanceOpt.credentialConfigurationId ?? id,\n types: types ?? asArray(credentialTypes),\n issuanceOpt,\n credentialResponse,\n } satisfies CredentialToAccept\n return mapCredentialToAccept({ credentialToAccept: credential, hasher: this.hasher })\n } catch (error) {\n return Promise.reject(error)\n }\n }\n\n private async oid4vciHolderAddContactIdentity(args: AddContactIdentityArgs, context: RequiredContext): Promise<Identity> {\n const { credentialsToAccept, contact } = args\n\n if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n if (credentialsToAccept === undefined \|\| credentialsToAccept.length === 0) {\n return Promise.reject(Error('Missing credential offers in context'))\n }\n\n let correlationId: string = credentialsToAccept[0].correlationId\n let identifierType = CorrelationIdentifierType.DID\n if (!correlationId.toLowerCase().startsWith('did:')) {\n identifierType = CorrelationIdentifierType.URL\n if (correlationId.startsWith('http')) {\n correlationId = new URL(correlationId).hostname\n }\n }\n const identity: NonPersistedIdentity = {\n alias: credentialsToAccept[0].correlationId,\n origin: IdentityOrigin.EXTERNAL,\n roles: [CredentialRole.ISSUER],\n identifier: {\n type: identifierType,\n correlationId,\n },\n ...(identifierType === CorrelationIdentifierType.URL && {\n connection: {\n type: ConnectionType.OPENID_CONNECT,\n config: {\n clientId: '138d7bf8-c930-4c6e-b928-97d3a4928b01',\n clientSecret: '03b3955f-d020-4f2a-8a27-4e452d4e27a0',\n scopes: ['auth'],\n issuer: 'https://example.com/app-test',\n redirectUrl: 'app:/callback',\n dangerouslyAllowInsecureHttpRequests: true,\n clientAuthMethod: 'post' as const,\n },\n },\n }),\n }\n\n await context.agent.emit(OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED, {\n contactId: contact.id,\n identity,\n })\n logger.log(`Contact added: ${correlationId}`)\n\n return context.agent.cmAddIdentity({ contactId: contact.id, identity })\n }\n\n private async oid4vciHolderGetIssuerBranding(\n args: GetIssuerBrandingArgs,\n context: RequiredContext,\n ): Promise<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>> {\n const { serverMetadata, contact } = args\n\n // Here we are fetching issuer branding for a contact. If no contact is found that means we encounter this contact for the first time. This also means we do not have any branding for the contact.\n const issuerCorrelationId = contact?.identities\n .filter((identity) => identity.roles.includes(CredentialRole.ISSUER))\n .map((identity) => identity.identifier.correlationId)[0]\n\n if (issuerCorrelationId) {\n const branding = await context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] })\n if (branding.length > 0) {\n return branding[0].localeBranding\n }\n }\n\n // We should have serverMetadata in the context else something went wrong\n if (!serverMetadata) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n return getBasicIssuerLocaleBranding({\n display: serverMetadata.credentialIssuerMetadata?.display ?? [],\n dynamicRegistrationClientMetadata: serverMetadata.credentialIssuerMetadata,\n context,\n })\n }\n\n private async oid4vciHolderStoreIssuerBranding(args: StoreIssuerBrandingArgs, context: RequiredContext): Promise<void> {\n const { issuerBranding, contact } = args\n if (!issuerBranding \|\| issuerBranding.length === 0 \|\| (<Array<IIssuerLocaleBranding>>issuerBranding)[0].id) {\n // FIXME we need better separation between a contact(issuer) we encountered before and it's branding vs a new contact and it's branding\n return\n }\n\n if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n const issuerCorrelationId = contact?.identities\n .filter((identity) => identity.roles.includes(CredentialRole.ISSUER))\n .map((identity) => identity.identifier.correlationId)[0]\n\n // we check for issuer branding as adding an identity might also trigger storing the issuer branding\n const branding = await context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] })\n if (branding.length > 0) {\n return\n }\n\n await context.agent.ibAddIssuerBranding({\n localeBranding: issuerBranding as Array<IBasicIssuerLocaleBranding>,\n issuerCorrelationId,\n })\n }\n\n private async oid4vciHolderAssertValidCredentials(args: AssertValidCredentialsArgs, context: RequiredContext): Promise<VerificationResult[]> {\n const { credentialsToAccept, issuanceOpt } = args\n\n return await Promise.all(\n credentialsToAccept.map((credentialToAccept) =>\n verifyCredentialToAccept({\n mappedCredential: credentialToAccept,\n onVerifyEBSICredentialIssuer: this.onVerifyEBSICredentialIssuer,\n hasher: this.hasher,\n schemaValidation: issuanceOpt?.schemaValidation,\n context,\n }),\n ),\n )\n }\n\n private async oid4vciHolderStoreCredentialBranding(args: StoreCredentialBrandingArgs, context: RequiredContext): Promise<void> {\n const { credentialBranding, serverMetadata, selectedCredentials, credentialsToAccept } = args\n\n if (serverMetadata === undefined) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n } else if (selectedCredentials.length === 0) {\n logger.warning(`No credentials selected for issuer: ${serverMetadata.issuer}`)\n return\n }\n\n let counter = 0\n for (const credentialId of selectedCredentials) {\n // The selectedCredential from context is the configurationId, whilst we store the branding by type. We need to map\n const configId = credentialId\n const types =\n credentialsToAccept\n .find((ac) => ac.correlationId === configId \|\| ac.credentialToAccept.id === configId \|\| ac.types.includes(configId))\n ?.types?.filter((type) => type != 'VerifiableCredential') ?? []\n\n const localeBranding: Array<IBasicCredentialLocaleBranding> = credentialBranding?.[configId] ?? []\n if (localeBranding.length === 0) {\n for (const type of types) {\n const branding = credentialBranding?.[type] ?? []\n if (branding.length > 0) {\n localeBranding.push(...branding)\n }\n }\n }\n\n if (localeBranding && localeBranding.length > 0) {\n const credential = credentialsToAccept.find(\n (credAccept) =>\n credAccept.credentialToAccept.id === credentialId \|\|\n JSON.stringify(credAccept.types) === credentialId \|\|\n JSON.stringify(credAccept.types.filter((cred) => cred !== 'VerifiableCredential')) === JSON.stringify(types) \|\|\n credentialsToAccept[counter],\n )!\n counter++\n await context.agent.ibAddCredentialBranding({\n vcHash: computeEntryHash(credential.rawVerifiableCredential as W3CVerifiableCredential),\n issuerCorrelationId: new URL(serverMetadata.issuer).hostname,\n localeBranding,\n })\n logger.log(\n `Credential branding for issuer ${serverMetadata.issuer} and type ${credentialId} stored with locales ${localeBranding.map((b) => b.locale).join(',')}`,\n )\n } else {\n logger.warning(`No credential branding found for issuer: ${serverMetadata.issuer} and type ${credentialId}`)\n }\n }\n }\n\n private async oid4vciHolderStoreCredentials(args: StoreCredentialsArgs, context: RequiredContext): Promise<void> {\n function trimmed(input?: string) {\n const trim = input?.trim()\n if (trim === '') {\n return undefined\n }\n return trim\n }\n\n const { credentialsToAccept, openID4VCIClientState, credentialsSupported, serverMetadata, selectedCredentials } = args\n const mappedCredentialToAccept = credentialsToAccept[0]\n\n if (selectedCredentials && selectedCredentials.length > 1) {\n logger.error(`More than 1 credential selected ${selectedCredentials.join(', ')}, but current service only stores 1 credential!`)\n }\n\n // TODO determine when and how we should store credentials without key kmsKeyRef & id method), this should be tested with the code below\n const issuanceOpt = args.issuanceOpt ?? mappedCredentialToAccept.credentialToAccept.issuanceOpt\n if (!issuanceOpt \|\| !issuanceOpt.identifier) {\n return Promise.reject(Error('issuanceOpt.identifier must me set in order to store a credential'))\n }\n const { kmsKeyRef, method } = issuanceOpt.identifier\n\n let persist = true\n const verifiableCredential = mappedCredentialToAccept.uniformVerifiableCredential as VerifiableCredential\n\n const notificationId = mappedCredentialToAccept.credentialToAccept.credentialResponse.notification_id\n const subjectIssuance = mappedCredentialToAccept.credential_subject_issuance\n const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint\n let holderCredential:\n \| IVerifiableCredential\n \| JwtDecodedVerifiableCredential\n \| SdJwtDecodedVerifiableCredentialPayload\n \| W3CVerifiableCredential\n \| undefined = undefined\n if (!notificationEndpoint) {\n logger.log(`Notifications not supported by issuer ${serverMetadata?.issuer}. Will not provide a notification`)\n } else if (notificationEndpoint && !notificationId) {\n logger.warning(\n `Notification endpoint available in issuer metadata with value ${notificationEndpoint}, but no ${notificationId} provided. Will not send a notification to issuer ${serverMetadata?.issuer}`,\n )\n } else if (notificationEndpoint && notificationId) {\n logger.log(`Notification id ${notificationId} found, will send back a notification to ${notificationEndpoint}`)\n let event = 'credential_accepted'\n if (Array.isArray(subjectIssuance?.notification_events_supported)) {\n // experimental subject issuance, where a new credential is being created\n event = subjectIssuance.notification_events_supported.includes('credential_accepted_holder_signed')\n ? 'credential_accepted_holder_signed'\n : 'credential_deleted_holder_signed'\n logger.log(`Subject issuance/signing will be used, with event`, event)\n\n const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse)\n const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher ?? defaultHasher })\n console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`)\n // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)\n\n let issuer: string \| undefined\n\n if (CredentialMapper.isWrappedSdJwtVerifiableCredential(wrappedIssuerVC)) {\n issuer = trimmed(wrappedIssuerVC.decoded?.sub)\n } else if (CredentialMapper.isWrappedW3CVerifiableCredential(wrappedIssuerVC)) {\n issuer =\n trimmed(wrappedIssuerVC.credential?.sub) ??\n // @ts-ignore\n trimmed(wrappedIssuerVC.credential?.credentialSubject?.id) ??\n trimmed(this.idFromW3cCredentialSubject(wrappedIssuerVC))\n } else if (CredentialMapper.isWrappedMdocCredential(wrappedIssuerVC)) {\n return Promise.reject(Error('mdoc not yet supported'))\n }\n\n if (!issuer) {\n issuer = trimmed(verifiableCredential.credentialSubject?.id)\n }\n if (!issuer && openID4VCIClientState?.kid?.startsWith('did:')) {\n issuer = parseDid(openID4VCIClientState?.kid).did\n }\n if (!issuer && openID4VCIClientState?.jwk?.kid?.startsWith('did:')) {\n issuer = parseDid(openID4VCIClientState!.jwk!.kid!).did\n }\n if (!issuer && openID4VCIClientState?.clientId) {\n issuer = trimmed(openID4VCIClientState.clientId)\n }\n if (!issuer && openID4VCIClientState?.accessTokenResponse) {\n const decodedJwt = decodeJWT(openID4VCIClientState.accessTokenResponse.access_token)\n issuer = decodedJwt.payload.sub\n }\n if (!issuer && mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier) {\n const resolution = await context.agent.identifierManagedGet(mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier)\n issuer = resolution.issuer\n }\n\n if (!issuer) {\n throw Error(`We could not determine the issuer, which means we cannot sign the credential`)\n }\n logger.log(`Issuer for self-issued credential will be: ${issuer}`)\n\n const holderCredentialToSign = wrappedIssuerVC.decoded\n let proofFormat: CredentialProofFormat = 'lds'\n if (wrappedIssuerVC.format.includes('jwt') && !wrappedIssuerVC.format.includes('mso_mdoc')) {\n holderCredentialToSign.iss = issuer\n proofFormat = 'jwt'\n }\n if ('issuer' in holderCredentialToSign && !('iss' in holderCredentialToSign)) {\n holderCredentialToSign.issuer = issuer\n }\n if ('sub' in holderCredentialToSign) {\n holderCredentialToSign.sub = issuer\n }\n if ('credentialSubject' in holderCredentialToSign && !Array.isArray(holderCredentialToSign.credentialSubject)) {\n holderCredentialToSign.credentialSubject.id = issuer\n }\n if ('vc' in holderCredentialToSign) {\n if (holderCredentialToSign.vc.credentialSubject) {\n holderCredentialToSign.vc.credentialSubject.id = issuer\n }\n holderCredentialToSign.vc.issuer = issuer\n delete holderCredentialToSign.vc.proof\n delete holderCredentialToSign.vc.issuanceDate\n }\n delete holderCredentialToSign.proof\n delete holderCredentialToSign.issuanceDate\n delete holderCredentialToSign.iat\n\n logger.log(`Subject issuance/signing will sign credential of type ${proofFormat}:`, holderCredentialToSign)\n const issuedVC = await context.agent.createVerifiableCredential({\n credential: ('vc' in holderCredentialToSign ? holderCredentialToSign.vc : holderCredentialToSign) as CredentialPayload,\n fetchRemoteContexts: true,\n save: false,\n proofFormat,\n })\n if (!issuedVC) {\n throw Error(`Could not issue holder credential from the wallet`)\n }\n logger.log(`Holder ${issuedVC.issuer} issued new credential with id ${issuedVC.id}`, issuedVC)\n holderCredential = CredentialMapper.storedCredentialToOriginalFormat(issuedVC as IVerifiableCredential)\n persist = event === 'credential_accepted_holder_signed'\n }\n\n const notificationRequest: NotificationRequest = {\n notification_id: notificationId,\n ...(holderCredential && { credential: holderCredential }),\n event,\n }\n\n await this.oid4vciHolderSendNotification(\n {\n openID4VCIClientState,\n stored: persist,\n credentialsToAccept,\n credentialsSupported,\n notificationRequest,\n serverMetadata,\n },\n context,\n )\n }\n const persistCredential = holderCredential\n ? CredentialMapper.storedCredentialToOriginalFormat(holderCredential)\n : mappedCredentialToAccept.rawVerifiableCredential\n if (!persist && holderCredential) {\n logger.log(`Will not persist credential, since we are signing as a holder and the issuer asked not to persist`)\n } else {\n logger.log(`Persisting credential`, persistCredential)\n\n const issuer = CredentialMapper.issuerCorrelationIdFromIssuerType(verifiableCredential.issuer)\n const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer)\n\n const persistedCredential = await context.agent.crsAddCredential({\n credential: {\n rawDocument: ensureRawDocument(persistCredential),\n kmsKeyRef: kmsKeyRef,\n identifierMethod: method,\n credentialRole: CredentialRole.HOLDER,\n issuerCorrelationType: issuer?.startsWith('did:') ? CredentialCorrelationType.DID : CredentialCorrelationType.URL,\n issuerCorrelationId: issuer,\n subjectCorrelationType,\n subjectCorrelationId,\n },\n })\n await context.agent.emit(OID4VCIHolderEvent.CREDENTIAL_STORED, {\n credential: persistedCredential,\n vcHash: persistedCredential.hash,\n } satisfies OnCredentialStoredArgs)\n }\n }\n\n private async oid4vciHolderSendNotification(args: SendNotificationArgs, context: RequiredContext): Promise<void> {\n const { serverMetadata, notificationRequest, openID4VCIClientState } = args\n const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint\n if (!notificationEndpoint) {\n return\n } else if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n } else if (!notificationRequest) {\n return Promise.reject(Error('Missing notification request'))\n }\n\n logger.log(`Will send notification to ${notificationEndpoint}`, notificationRequest)\n\n const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState })\n await client.sendNotification({ notificationEndpoint }, notificationRequest, openID4VCIClientState?.accessTokenResponse?.access_token)\n logger.log(`Notification to ${notificationEndpoint} has been dispatched`)\n }\n\n private async getFederationTrust(args: GetFederationTrustArgs, context: RequiredContext): Promise<Array<string>> {\n const { requestData, serverMetadata, trustAnchors } = args\n\n if (trustAnchors.length === 0) {\n return Promise.reject(Error('No trust anchors found'))\n }\n\n if (!requestData?.uri) {\n return Promise.reject(Error('Missing request URI in context'))\n }\n\n if (!serverMetadata) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n const url = new URL(requestData?.uri)\n const params = new URLSearchParams(url.search)\n const openidFederation = params.get('openid_federation')\n const entityIdentifier = openidFederation ?? serverMetadata.issuer\n if (entityIdentifier.startsWith('http://')) {\n console.warn(`OpenID federation does not support http://, only https:// allowed; got: (${url.toString()})`)\n // OIDF always needs to be https\n return []\n }\n\n const result = await context.agent.identifierExternalResolveByOIDFEntityId({\n method: 'entity_id',\n trustAnchors: trustAnchors,\n identifier: entityIdentifier,\n })\n\n return result.trustedAnchors\n }\n\n private async oid4vciHolderGetIssuerMetadata(args: GetIssuerMetadataArgs, context: RequiredContext): Promise<EndpointMetadataResult> {\n const { issuer, errorOnNotFound = true } = args\n return MetadataClient.retrieveAllMetadata(issuer, { errorOnNotFound })\n }\n\n private determineSubjectCorrelation(identifier: ManagedIdentifierOptsOrResult, issuer: string): [CredentialCorrelationType, string] {\n switch (identifier.method) {\n case 'did':\n if (isManagedIdentifierResult(identifier) && isManagedIdentifierDidResult(identifier)) {\n return [CredentialCorrelationType.DID, identifier.did]\n } else if (isManagedIdentifierDidOpts(identifier)) {\n return [CredentialCorrelationType.DID, typeof identifier.identifier === 'string' ? identifier.identifier : identifier.identifier.did]\n }\n break\n case 'kid':\n if (isManagedIdentifierResult(identifier) && isManagedIdentifierKidResult(identifier)) {\n return [CredentialCorrelationType.KID, identifier.kid]\n } else if (isManagedIdentifierDidOpts(identifier)) {\n return [CredentialCorrelationType.KID, identifier.identifier]\n }\n break\n case 'x5c':\n if (isManagedIdentifierResult(identifier) && isManagedIdentifierX5cResult(identifier)) {\n return [CredentialCorrelationType.X509_SAN, identifier.x5c.join('\\r\\n')]\n } else if (isManagedIdentifierX5cOpts(identifier)) {\n return [CredentialCorrelationType.X509_SAN, identifier.identifier.join('\\r\\n')]\n }\n break\n }\n return [CredentialCorrelationType.URL, issuer]\n }\n\n private idFromW3cCredentialSubject(wrappedIssuerVC: WrappedW3CVerifiableCredential): string \| undefined {\n if (Array.isArray(wrappedIssuerVC.credential?.credentialSubject)) {\n if (wrappedIssuerVC.credential?.credentialSubject.length > 0) {\n return wrappedIssuerVC.credential?.credentialSubject[0].id\n }\n } else {\n return wrappedIssuerVC.credential?.credentialSubject?.id\n }\n return undefined\n }\n\n private getCredentialDefinition(issuanceOpt: IssuanceOpts): CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15 \| undefined {\n if (issuanceOpt.format == 'ldp_vc' \|\| issuanceOpt.format == 'jwt_vc_json-ld') {\n return (issuanceOpt as CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15).credential_definition\n }\n return undefined\n }\n}\n","import { AuthorizationChallengeCodeResponse, AuthzFlowType, toAuthorizationResponsePayload } from '@sphereon/oid4vci-common'\nimport { IBasicIssuerLocaleBranding, Identity, IIssuerLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store-types'\nimport { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'\nimport { translate } from '../localization/Localization'\nimport {\n AuthorizationResponseEvent,\n ContactAliasEvent,\n ContactConsentEvent,\n CreateContactEvent,\n CreateOID4VCIMachineOpts,\n CredentialToSelectFromResult,\n ErrorDetails,\n StartResult,\n MappedCredentialToAccept,\n OID4VCIMachineAddContactStates,\n OID4VCIMachineContext,\n OID4VCIMachineEvents,\n OID4VCIMachineEventTypes,\n OID4VCIMachineGuards,\n OID4VCIMachineInstanceOpts,\n OID4VCIMachineInterpreter,\n OID4VCIMachineServices,\n OID4VCIMachineState,\n OID4VCIMachineStates,\n OID4VCIMachineVerifyPinStates,\n OID4VCIStateMachine,\n RequiredContext,\n SelectCredentialsEvent,\n SetAuthorizationCodeURLEvent,\n VerificationCodeEvent,\n PrepareAuthorizationResult,\n} from '../types/IOID4VCIHolder'\nimport { FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'\n\nconst oid4vciHasNoContactGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact } = _ctx\n return contact === undefined\n}\n\nconst oid4vciHasContactGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact } = _ctx\n return contact !== undefined\n}\n\nconst oid4vciContactHasLowTrustGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact, trustedAnchors } = _ctx\n return contact !== undefined && trustedAnchors !== undefined && trustedAnchors.length === 0\n}\n\nconst oid4vciCredentialsToSelectRequiredGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { credentialToSelectFrom } = _ctx\n return credentialToSelectFrom && credentialToSelectFrom.length > 1\n}\n\nconst oid4vciRequirePinGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { requestData } = _ctx\n return requestData?.credentialOffer?.userPinRequired === true\n}\n\nconst oid4vciHasNoContactIdentityGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact, credentialsToAccept } = _ctx\n let toAcceptId = credentialsToAccept[0].correlationId\n if (toAcceptId.match(/^https?:\\/\\/./)) {\n toAcceptId = new URL(toAcceptId).hostname\n }\n return !contact?.identities.some((identity: Identity): boolean => identity.identifier.correlationId === toAcceptId)\n}\n\nconst oid4vciVerificationCodeGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { verificationCode } = _ctx\n return verificationCode !== undefined && verificationCode.length > 0\n}\n\nconst oid4vciCreateContactGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contactAlias, hasContactConsent } = _ctx\n return hasContactConsent && !!contactAlias && contactAlias.length > 0\n}\n\nconst oid4vciHasSelectedCredentialsGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { selectedCredentials } = _ctx\n return selectedCredentials !== undefined && selectedCredentials.length > 0\n}\n\nconst oid4vciIsOIDFOriginGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n // TODO in the future we need to establish if a origin is a IDF origin. So we need to check if this metadata is on the well-known location\n const { trustAnchors } = _ctx\n return trustAnchors.length > 0\n}\n\nconst oid4vciNoAuthorizationGuard = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n return !oid4vciHasAuthorizationResponse(ctx, _event)\n}\n\n// FIXME refactor this guard\nconst oid4vciRequireAuthorizationGuard = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { openID4VCIClientState } = ctx\n\n if (!openID4VCIClientState) {\n throw Error('Missing openID4VCI client state in context')\n }\n\n if (openID4VCIClientState.authorizationURL && openID4VCIClientState.authorizationRequestOpts) {\n // We have authz options or there is not credential offer to begin with.\n // We require authz as long as we do not have the authz code response\n return !ctx.openID4VCIClientState?.authorizationCodeResponse\n } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {\n return !ctx.openID4VCIClientState?.authorizationCodeResponse\n } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {\n return false\n } else if (openID4VCIClientState.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint) {\n return !ctx.openID4VCIClientState?.authorizationCodeResponse\n }\n return false\n}\n\nconst oid4vciHasAuthorizationResponse = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n return !!ctx.openID4VCIClientState?.authorizationCodeResponse\n}\n\nconst oid4vciIsFirstPartyApplication = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n return !!ctx.serverMetadata?.authorization_challenge_endpoint\n}\n\nconst createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMachine => {\n const initialContext: OID4VCIMachineContext = {\n // TODO WAL-671 we need to store the data from OpenIdProvider here in the context and make sure we can restart the machine with it and init the OpenIdProvider\n accessTokenOpts: opts?.accessTokenOpts,\n requestData: opts?.requestData,\n walletType: opts?.walletType ?? 'NATURAL_PERSON',\n trustAnchors: opts?.trustAnchors ?? [],\n issuanceOpt: opts?.issuanceOpt,\n didMethodPreferences: opts?.didMethodPreferences,\n locale: opts?.locale,\n credentialsSupported: {},\n credentialToSelectFrom: [],\n selectedCredentials: [],\n credentialsToAccept: [],\n hasContactConsent: true,\n contactAlias: '',\n }\n\n return createMachine<OID4VCIMachineContext, OID4VCIMachineEventTypes>({\n id: opts?.machineName ?? 'OID4VCIHolder',\n predictableActionArguments: true,\n initial: OID4VCIMachineStates.start,\n schema: {\n events: {} as OID4VCIMachineEventTypes,\n guards: {} as\n \| { type: OID4VCIMachineGuards.hasNoContactGuard }\n \| { type: OID4VCIMachineGuards.credentialsToSelectRequiredGuard }\n \| { type: OID4VCIMachineGuards.requirePinGuard }\n \| { type: OID4VCIMachineGuards.requireAuthorizationGuard }\n \| { type: OID4VCIMachineGuards.noAuthorizationGuard }\n \| { type: OID4VCIMachineGuards.hasNoContactIdentityGuard }\n \| { type: OID4VCIMachineGuards.verificationCodeGuard }\n \| { type: OID4VCIMachineGuards.hasContactGuard }\n \| { type: OID4VCIMachineGuards.createContactGuard }\n \| { type: OID4VCIMachineGuards.hasSelectedCredentialsGuard }\n \| { type: OID4VCIMachineGuards.hasAuthorizationResponse }\n \| { type: OID4VCIMachineGuards.isOIDFOriginGuard }\n \| { type: OID4VCIMachineGuards.contactHasLowTrustGuard }\n \| { type: OID4VCIMachineGuards.isFirstPartyApplication },\n services: {} as {\n [OID4VCIMachineServices.start]: {\n data: StartResult\n }\n [OID4VCIMachineServices.prepareAuthorizationRequest]: {\n data: PrepareAuthorizationResult\n }\n [OID4VCIMachineServices.createCredentialsToSelectFrom]: {\n data: Array<CredentialToSelectFromResult>\n }\n [OID4VCIMachineServices.getContact]: {\n data: Party \| undefined\n }\n [OID4VCIMachineServices.storeIssuerBranding]: {\n data: void\n }\n [OID4VCIMachineServices.getCredentials]: {\n data: Array<MappedCredentialToAccept> \| undefined\n }\n [OID4VCIMachineServices.addContactIdentity]: {\n data: void\n }\n [OID4VCIMachineServices.assertValidCredentials]: {\n data: void\n }\n [OID4VCIMachineServices.storeCredentialBranding]: {\n data: void\n }\n [OID4VCIMachineServices.storeCredentials]: {\n data: void\n }\n [OID4VCIMachineServices.getFederationTrust]: {\n data: Array<string>\n }\n [OID4VCIMachineServices.getIssuerBranding]: {\n data: Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>\n }\n [OID4VCIMachineServices.startFirstPartApplicationFlow]: {\n data: void\n }\n },\n },\n context: initialContext,\n states: {\n [OID4VCIMachineStates.start]: {\n id: OID4VCIMachineStates.start,\n invoke: {\n src: OID4VCIMachineServices.start,\n onDone: {\n target: OID4VCIMachineStates.createCredentialsToSelectFrom,\n actions: assign({\n credentialBranding: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.credentialBranding ?? {},\n credentialsSupported: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.credentialsSupported,\n serverMetadata: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.serverMetadata,\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.oid4vciClientState,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_initiation_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.createCredentialsToSelectFrom]: {\n id: OID4VCIMachineStates.createCredentialsToSelectFrom,\n invoke: {\n src: OID4VCIMachineServices.createCredentialsToSelectFrom,\n onDone: {\n target: OID4VCIMachineStates.getContact,\n actions: assign({\n credentialToSelectFrom: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<CredentialToSelectFromResult>>) => _event.data,\n }),\n // TODO WAL-670 would be nice if we can have guard that checks if we have at least 1 item in the selection. not sure if this can occur but it would be more defensive.\n // Still cannot find a nice way to do this inside of an invoke besides adding another transition state\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_credential_selection_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.getContact]: {\n id: OID4VCIMachineStates.getContact,\n invoke: {\n src: OID4VCIMachineServices.getContact,\n onDone: {\n target: OID4VCIMachineStates.getIssuerBranding,\n actions: assign({ contact: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Party>) => _event.data }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_contact_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.getIssuerBranding]: {\n id: OID4VCIMachineStates.getIssuerBranding,\n invoke: {\n src: OID4VCIMachineServices.getIssuerBranding,\n onDone: [\n {\n target: OID4VCIMachineStates.getFederationTrust,\n cond: OID4VCIMachineGuards.isOIDFOriginGuard,\n actions: assign({\n issuerBranding: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>>) =>\n _event.data,\n }),\n },\n {\n target: OID4VCIMachineStates.transitionFromSetup,\n actions: assign({\n issuerBranding: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>>) =>\n _event.data,\n }),\n },\n ],\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_issuer_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.getFederationTrust]: {\n id: OID4VCIMachineStates.getFederationTrust,\n invoke: {\n src: OID4VCIMachineServices.getFederationTrust,\n onDone: {\n target: OID4VCIMachineStates.transitionFromSetup,\n actions: assign({\n trustedAnchors: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<string>>) => _event.data,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_federation_trust_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.transitionFromSetup]: {\n id: OID4VCIMachineStates.transitionFromSetup,\n always: [\n {\n target: OID4VCIMachineStates.addContact,\n cond: OID4VCIMachineGuards.hasNoContactGuard,\n },\n {\n target: OID4VCIMachineStates.reviewContact,\n cond: OID4VCIMachineGuards.contactHasLowTrustGuard,\n },\n {\n target: OID4VCIMachineStates.selectCredentials,\n cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,\n },\n {\n target: OID4VCIMachineStates.startFirstPartApplicationFlow,\n cond: OID4VCIMachineGuards.isFirstPartyApplication,\n },\n {\n target: OID4VCIMachineStates.prepareAuthorizationRequest,\n cond: OID4VCIMachineGuards.requireAuthorizationGuard,\n },\n {\n target: OID4VCIMachineStates.verifyPin,\n cond: OID4VCIMachineGuards.requirePinGuard,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n on: {\n [OID4VCIMachineEvents.SET_AUTHORIZATION_CODE_URL]: {\n actions: assign({ authorizationCodeURL: (_ctx: OID4VCIMachineContext, _event: SetAuthorizationCodeURLEvent) => _event.data }),\n },\n },\n },\n [OID4VCIMachineStates.addContact]: {\n id: OID4VCIMachineStates.addContact,\n initial: OID4VCIMachineAddContactStates.idle,\n on: {\n [OID4VCIMachineEvents.SET_CONTACT_CONSENT]: {\n actions: assign({ hasContactConsent: (_ctx: OID4VCIMachineContext, _event: ContactConsentEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.SET_CONTACT_ALIAS]: {\n actions: assign({ contactAlias: (_ctx: OID4VCIMachineContext, _event: ContactAliasEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.CREATE_CONTACT]: {\n target: `.${OID4VCIMachineAddContactStates.next}`,\n actions: assign({ contact: (_ctx: OID4VCIMachineContext, _event: CreateContactEvent) => _event.data }),\n cond: OID4VCIMachineGuards.createContactGuard,\n },\n [OID4VCIMachineEvents.DECLINE]: {\n target: OID4VCIMachineStates.declined,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n states: {\n [OID4VCIMachineAddContactStates.idle]: {},\n [OID4VCIMachineAddContactStates.next]: {\n always: {\n target: `#${OID4VCIMachineStates.storeIssuerBranding}`,\n cond: OID4VCIMachineGuards.hasContactGuard,\n },\n },\n },\n },\n [OID4VCIMachineStates.reviewContact]: {\n id: OID4VCIMachineStates.reviewContact,\n on: {\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.transitionFromContactSetup,\n },\n [OID4VCIMachineEvents.DECLINE]: {\n target: OID4VCIMachineStates.declined,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n },\n [OID4VCIMachineStates.storeIssuerBranding]: {\n id: OID4VCIMachineStates.storeIssuerBranding,\n invoke: {\n src: OID4VCIMachineServices.storeIssuerBranding,\n onDone: {\n target: OID4VCIMachineStates.transitionFromContactSetup,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_issuer_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.transitionFromContactSetup]: {\n id: OID4VCIMachineStates.transitionFromContactSetup,\n always: [\n {\n target: OID4VCIMachineStates.selectCredentials,\n cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,\n },\n {\n target: OID4VCIMachineStates.startFirstPartApplicationFlow,\n cond: OID4VCIMachineGuards.isFirstPartyApplication,\n },\n {\n target: OID4VCIMachineStates.prepareAuthorizationRequest,\n cond: OID4VCIMachineGuards.requireAuthorizationGuard,\n },\n {\n target: OID4VCIMachineStates.verifyPin,\n cond: OID4VCIMachineGuards.requirePinGuard,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.startFirstPartApplicationFlow]: {\n id: OID4VCIMachineStates.startFirstPartApplicationFlow,\n invoke: {\n src: OID4VCIMachineServices.startFirstPartApplicationFlow,\n onDone: [\n {\n target: OID4VCIMachineStates.aborted,\n cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean =>\n _event.data === FirstPartyMachineStateTypes.aborted,\n },\n {\n target: OID4VCIMachineStates.declined,\n cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean =>\n _event.data === FirstPartyMachineStateTypes.declined,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n actions: assign({\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => {\n const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data)\n return { ..._ctx.openID4VCIClientState!, authorizationCodeResponse }\n },\n }),\n },\n ],\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<ErrorDetails>): ErrorDetails => ({\n title: _event.data.title ?? translate('oid4vci_machine_first_party_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.selectCredentials]: {\n id: OID4VCIMachineStates.selectCredentials,\n on: {\n [OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS]: {\n actions: assign({ selectedCredentials: (_ctx: OID4VCIMachineContext, _event: SelectCredentialsEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.transitionFromSelectingCredentials,\n cond: OID4VCIMachineGuards.hasSelectedCredentialsGuard,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n },\n [OID4VCIMachineStates.transitionFromSelectingCredentials]: {\n id: OID4VCIMachineStates.transitionFromSelectingCredentials,\n always: [\n {\n target: OID4VCIMachineStates.startFirstPartApplicationFlow,\n cond: OID4VCIMachineGuards.isFirstPartyApplication,\n },\n {\n target: OID4VCIMachineStates.prepareAuthorizationRequest,\n cond: OID4VCIMachineGuards.requireAuthorizationGuard,\n },\n {\n target: OID4VCIMachineStates.verifyPin,\n cond: OID4VCIMachineGuards.requirePinGuard,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.prepareAuthorizationRequest]: {\n id: OID4VCIMachineStates.prepareAuthorizationRequest,\n invoke: {\n src: OID4VCIMachineServices.prepareAuthorizationRequest,\n onDone: {\n target: OID4VCIMachineStates.initiateAuthorizationRequest,\n actions: assign({\n authorizationCodeURL: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<PrepareAuthorizationResult>) =>\n _event.data.authorizationCodeURL,\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<PrepareAuthorizationResult>) => _event.data.oid4vciClientState,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_prepare_authorization_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.initiateAuthorizationRequest]: {\n id: OID4VCIMachineStates.initiateAuthorizationRequest,\n on: {\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.selectCredentials,\n },\n [OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST]: {\n target: OID4VCIMachineStates.waitForAuthorizationResponse,\n },\n },\n },\n [OID4VCIMachineStates.waitForAuthorizationResponse]: {\n id: OID4VCIMachineStates.waitForAuthorizationResponse,\n on: {\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.initiateAuthorizationRequest,\n },\n [OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE]: {\n actions: assign({\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: AuthorizationResponseEvent) => {\n const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data)\n return { ..._ctx.openID4VCIClientState!, authorizationCodeResponse }\n },\n }),\n },\n },\n always: [\n {\n cond: OID4VCIMachineGuards.hasAuthorizationResponse,\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.verifyPin]: {\n id: OID4VCIMachineStates.verifyPin,\n initial: OID4VCIMachineVerifyPinStates.idle,\n on: {\n [OID4VCIMachineEvents.SET_VERIFICATION_CODE]: {\n target: `.${OID4VCIMachineVerifyPinStates.next}`,\n actions: assign({ verificationCode: (_ctx: OID4VCIMachineContext, _event: VerificationCodeEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.PREVIOUS]: [\n {\n target: OID4VCIMachineStates.selectCredentials,\n cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,\n },\n {\n target: OID4VCIMachineStates.aborted,\n },\n ],\n },\n states: {\n [OID4VCIMachineVerifyPinStates.idle]: {},\n [OID4VCIMachineVerifyPinStates.next]: {\n always: {\n target: `#${OID4VCIMachineStates.getCredentials}`,\n cond: OID4VCIMachineGuards.verificationCodeGuard,\n },\n },\n },\n },\n [OID4VCIMachineStates.getCredentials]: {\n id: OID4VCIMachineStates.getCredentials,\n invoke: {\n src: OID4VCIMachineServices.getCredentials,\n onDone: {\n target: OID4VCIMachineStates.verifyCredentials,\n actions: assign({\n credentialsToAccept: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<MappedCredentialToAccept>>) => _event.data,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_credentials_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n exit: assign({ verificationCode: undefined }),\n },\n [OID4VCIMachineStates.verifyCredentials]: {\n id: OID4VCIMachineStates.verifyCredentials,\n invoke: {\n src: OID4VCIMachineServices.assertValidCredentials,\n onDone: {\n target: OID4VCIMachineStates.transitionFromWalletInput,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_verify_credentials_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.transitionFromWalletInput]: {\n id: OID4VCIMachineStates.transitionFromWalletInput,\n always: [\n {\n target: OID4VCIMachineStates.addContactIdentity,\n cond: OID4VCIMachineGuards.hasNoContactIdentityGuard,\n },\n {\n target: OID4VCIMachineStates.reviewCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.addContactIdentity]: {\n id: OID4VCIMachineStates.addContactIdentity,\n invoke: {\n src: OID4VCIMachineServices.addContactIdentity,\n onDone: {\n target: OID4VCIMachineStates.addIssuerBrandingAfterIdentity,\n actions: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Identity>): void => {\n _ctx.contact?.identities.push(_event.data)\n },\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_add_contact_identity_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.addIssuerBrandingAfterIdentity]: {\n id: OID4VCIMachineStates.addIssuerBrandingAfterIdentity,\n invoke: {\n src: OID4VCIMachineServices.storeIssuerBranding,\n onDone: {\n target: OID4VCIMachineStates.reviewCredentials,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_issuer_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.reviewCredentials]: {\n id: OID4VCIMachineStates.reviewCredentials,\n on: {\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.storeCredentialBranding,\n },\n [OID4VCIMachineEvents.DECLINE]: {\n target: OID4VCIMachineStates.declined,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n },\n [OID4VCIMachineStates.storeCredentialBranding]: {\n id: OID4VCIMachineStates.storeCredentialBranding,\n invoke: {\n src: OID4VCIMachineServices.storeCredentialBranding,\n onDone: {\n target: OID4VCIMachineStates.storeCredentials,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_credential_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.storeCredentials]: {\n id: OID4VCIMachineStates.storeCredentials,\n invoke: {\n src: OID4VCIMachineServices.storeCredentials,\n onDone: {\n target: OID4VCIMachineStates.done,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_credential_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.handleError]: {\n id: OID4VCIMachineStates.handleError,\n on: {\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.error,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.error,\n },\n },\n },\n [OID4VCIMachineStates.aborted]: {\n id: OID4VCIMachineStates.aborted,\n type: 'final',\n },\n [OID4VCIMachineStates.declined]: {\n id: OID4VCIMachineStates.declined,\n type: 'final',\n },\n [OID4VCIMachineStates.error]: {\n id: OID4VCIMachineStates.error,\n type: 'final',\n },\n [OID4VCIMachineStates.done]: {\n id: OID4VCIMachineStates.done,\n type: 'final',\n },\n },\n })\n}\n\nexport class OID4VCIMachine {\n static async newInstance(opts: OID4VCIMachineInstanceOpts, context: RequiredContext): Promise<{ interpreter: OID4VCIMachineInterpreter }> {\n const interpreter: OID4VCIMachineInterpreter = interpret(\n createOID4VCIMachine(opts).withConfig({\n services: {\n ...opts?.services,\n },\n guards: {\n oid4vciHasNoContactGuard,\n oid4vciCredentialsToSelectRequiredGuard,\n oid4vciRequirePinGuard,\n oid4vciHasNoContactIdentityGuard,\n oid4vciVerificationCodeGuard,\n oid4vciHasContactGuard,\n oid4vciCreateContactGuard,\n oid4vciHasSelectedCredentialsGuard,\n oid4vciRequireAuthorizationGuard,\n oid4vciNoAuthorizationGuard,\n oid4vciHasAuthorizationResponse,\n oid4vciIsOIDFOriginGuard,\n oid4vciContactHasLowTrustGuard,\n oid4vciIsFirstPartyApplication,\n ...opts?.guards,\n },\n }),\n )\n\n if (typeof opts?.subscription === 'function') {\n interpreter.onTransition(opts.subscription)\n }\n if (opts?.requireCustomNavigationHook !== true) {\n if (typeof opts?.stateNavigationListener === 'function') {\n interpreter.onTransition((snapshot: OID4VCIMachineState): void => {\n if (opts?.stateNavigationListener) {\n opts.stateNavigationListener(interpreter, snapshot)\n }\n })\n }\n }\n\n return { interpreter }\n }\n}\n","import i18n, { Scope, TranslateOptions } from 'i18n-js'\nimport memoize from 'lodash.memoize'\nimport { SupportedLanguage } from '../types/IOID4VCIHolder'\n\nclass Localization {\n private static translationGetters: { [locale: string]: () => object } = {\n [SupportedLanguage.ENGLISH]: () => require('./translations/en.json'),\n [SupportedLanguage.DUTCH]: () => require('./translations/nl.json'),\n }\n\n public static translate: any = memoize(\n (key: Scope, config?: TranslateOptions) => {\n // If no LocaleProvider is used we need to load the default locale as the translations will be empty\n if (Object.keys(i18n.translations).length === 0) {\n i18n.translations = {\n [SupportedLanguage.ENGLISH]: Localization.translationGetters[SupportedLanguage.ENGLISH](),\n }\n i18n.locale = SupportedLanguage.ENGLISH\n } else {\n i18n.translations = {\n [i18n.locale]: {\n ...i18n.translations[i18n.locale],\n ...Localization.translationGetters[this.findSupportedLanguage(i18n.locale) \|\| SupportedLanguage.ENGLISH](),\n },\n }\n }\n\n return i18n.t(key, config)\n },\n (key: Scope, config?: TranslateOptions) => (config ? key + JSON.stringify(config) : key),\n )\n\n private static findSupportedLanguage = (locale: string): string \| undefined => {\n for (const language of Object.values(SupportedLanguage)) {\n if (language === locale) {\n return language\n }\n }\n\n return undefined\n }\n\n public static getLocale = (): string => {\n return i18n.locale \|\| SupportedLanguage.ENGLISH\n }\n}\n\nexport const translate = Localization.translate\nexport default Localization\n","import { DynamicRegistrationClientMetadata } from '@sphereon/oid4vc-common'\nimport { OpenID4VCIClientState, OpenID4VCIClientV1_0_15 } from '@sphereon/oid4vci-client'\nimport {\n AuthorizationRequestOpts,\n AuthorizationResponse,\n AuthorizationServerClientOpts,\n AuthzFlowType,\n CredentialConfigurationSupported,\n CredentialOfferRequestWithBaseUrl,\n CredentialResponse,\n CredentialResponseV1_0_15,\n CredentialsSupportedDisplay,\n EndpointMetadataResult,\n ExperimentalSubjectIssuance,\n IssuerCredentialSubject,\n MetadataDisplay,\n NotificationRequest,\n} from '@sphereon/oid4vci-common'\nimport { CreateOrGetIdentifierOpts, IdentifierProviderOpts, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n IIdentifierResolution,\n ManagedIdentifierMethod,\n ManagedIdentifierOptsOrResult,\n ManagedIdentifierResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IContactManager } from '@sphereon/ssi-sdk.contact-manager'\nimport { ICredentialStore } from '@sphereon/ssi-sdk.credential-store'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport {\n DigitalCredential,\n IBasicCredentialClaim,\n IBasicCredentialLocaleBranding,\n IBasicIssuerLocaleBranding,\n Identity,\n IIssuerLocaleBranding,\n Party,\n} from '@sphereon/ssi-sdk.data-store-types'\nimport { IIssuanceBranding } from '@sphereon/ssi-sdk.issuance-branding'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IDidAuthSiopOpAuthenticator } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport {\n HasherSync,\n IVerifiableCredential,\n JoseSignatureAlgorithm,\n JoseSignatureAlgorithmString,\n OriginalVerifiableCredential,\n SdJwtClaimMetadata,\n SdJwtTypeDisplayMetadata,\n W3CVerifiableCredential,\n WrappedVerifiableCredential,\n WrappedVerifiablePresentation,\n} from '@sphereon/ssi-types'\nimport {\n IAgentContext,\n ICredentialIssuer,\n ICredentialVerifier,\n IDIDManager,\n IKeyManager,\n IPluginMethodMap,\n IResolver,\n TAgent,\n TKeyType,\n VerificationPolicies,\n} from '@veramo/core'\nimport { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, TypegenDisabled } from 'xstate'\nimport { FirstPartyMachineStateNavigationListener } from './FirstPartyMachine'\n\nexport interface IOID4VCIHolder extends IPluginMethodMap {\n oid4vciHolderGetIssuerMetadata(args: GetIssuerMetadataArgs, context: RequiredContext): Promise<EndpointMetadataResult>\n\n oid4vciHolderGetMachineInterpreter(args: GetMachineArgs, context: RequiredContext): Promise<OID4VCIMachine> // FIXME is using GetMachineArgs as args but the function uses OID4VCIMachineInstanceOpts\n\n oid4vciHolderStart(args: PrepareStartArgs, context: RequiredContext): Promise<StartResult>\n\n oid4vciHolderCreateCredentialsToSelectFrom(\n args: CreateCredentialsToSelectFromArgs,\n context: RequiredContext,\n ): Promise<Array<CredentialToSelectFromResult>>\n\n oid4vciHolderPrepareAuthorizationRequest(args: PrepareAuthorizationRequestArgs, context: RequiredContext): Promise<PrepareAuthorizationResult>\n oid4vciHolderGetContact(args: GetContactArgs, context: RequiredContext): Promise<Party \| undefined>\n\n oid4vciHolderGetCredentials(args: GetCredentialsArgs, context: RequiredContext): Promise<Array<MappedCredentialToAccept>>\n\n oid4vciHolderGetCredential(args: GetCredentialArgs, context: RequiredContext): Promise<MappedCredentialToAccept>\n\n oid4vciHolderAddContactIdentity(args: AddContactIdentityArgs, context: RequiredContext): Promise<Identity>\n\n oid4vciHolderAssertValidCredentials(args: AssertValidCredentialsArgs, context: RequiredContext): Promise<Array<VerificationResult>>\n\n oid4vciHolderGetIssuerBranding(\n args: GetIssuerBrandingArgs,\n context: RequiredContext,\n ): Promise<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>>\n\n oid4vciHolderStoreIssuerBranding(args: StoreIssuerBrandingArgs, context: RequiredContext): Promise<void>\n\n oid4vciHolderStoreCredentialBranding(args: StoreCredentialBrandingArgs, context: RequiredContext): Promise<void>\n\n oid4vciHolderStoreCredentials(args: StoreCredentialsArgs, context: RequiredContext): Promise<void>\n}\n\nexport type OID4VCIHolderOptions = {\n onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>\n onCredentialStored?: (args: OnCredentialStoredArgs) => Promise<void>\n onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>\n onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>\n vcFormatPreferences?: Array<string>\n jsonldCryptographicSuitePreferences?: Array<string>\n defaultAuthorizationRequestOptions?: AuthorizationRequestOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n jwtCryptographicSuitePreferences?: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString>\n hasher?: HasherSync\n}\n\nexport type OnContactIdentityCreatedArgs = {\n contactId: string\n identity: Identity\n}\n\nexport type GetIssuerMetadataArgs = {\n issuer: string\n errorOnNotFound?: boolean\n}\n\nexport type OnCredentialStoredArgs = {\n credential: DigitalCredential\n vcHash: string\n}\n\nexport type OnIdentifierCreatedArgs = {\n identifier: ManagedIdentifierResult\n}\n\nexport type GetMachineArgs = {\n requestData: RequestData\n walletType: WalletType\n trustAnchors?: Array<string>\n authorizationRequestOpts?: AuthorizationRequestOpts\n clientOpts?: AuthorizationServerClientOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n issuanceOpt?: Partial<IssuanceOpts>\n stateNavigationListener?: OID4VCIMachineStateNavigationListener\n firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener\n}\n\nexport type PrepareStartArgs = Pick<\n OID4VCIMachineContext,\n 'requestData' \| 'authorizationRequestOpts' \| 'didMethodPreferences' \| 'issuanceOpt' \| 'accessTokenOpts'\n>\nexport type PrepareAuthorizationRequestArgs = Pick<OID4VCIMachineContext, 'openID4VCIClientState' \| 'contact'>\nexport type CreateCredentialsToSelectFromArgs = Pick<\n OID4VCIMachineContext,\n 'credentialsSupported' \| 'credentialBranding' \| 'selectedCredentials' \| 'locale' \| 'openID4VCIClientState'\n>\nexport type GetContactArgs = Pick<OID4VCIMachineContext, 'serverMetadata'>\nexport type GetCredentialsArgs = Pick<\n OID4VCIMachineContext,\n 'verificationCode' \| 'openID4VCIClientState' \| 'selectedCredentials' \| 'didMethodPreferences' \| 'issuanceOpt' \| 'accessTokenOpts' \| 'walletType'\n>\nexport type AddContactIdentityArgs = Pick<OID4VCIMachineContext, 'credentialsToAccept' \| 'contact'>\nexport type GetIssuerBrandingArgs = Pick<OID4VCIMachineContext, 'serverMetadata' \| 'contact'>\nexport type StoreIssuerBrandingArgs = Pick<OID4VCIMachineContext, 'issuerBranding' \| 'contact'>\nexport type AssertValidCredentialsArgs = Pick<OID4VCIMachineContext, 'credentialsToAccept' \| 'issuanceOpt'>\nexport type StoreCredentialBrandingArgs = Pick<\n OID4VCIMachineContext,\n 'serverMetadata' \| 'credentialBranding' \| 'selectedCredentials' \| 'credentialsToAccept'\n>\nexport type StoreCredentialsArgs = Pick<\n OID4VCIMachineContext,\n 'credentialsToAccept' \| 'serverMetadata' \| 'credentialsSupported' \| 'openID4VCIClientState' \| 'selectedCredentials' \| 'issuanceOpt'\n>\nexport type SendNotificationArgs = Pick<\n OID4VCIMachineContext,\n 'credentialsToAccept' \| 'serverMetadata' \| 'credentialsSupported' \| 'openID4VCIClientState'\n> & { notificationRequest?: NotificationRequest; stored: boolean }\nexport type GetFederationTrustArgs = Pick<OID4VCIMachineContext, 'requestData' \| 'trustAnchors' \| 'serverMetadata'>\nexport type StartFirstPartApplicationMachine = Pick<OID4VCIMachineContext, 'openID4VCIClientState' \| 'contact'> & {\n stateNavigationListener?: FirstPartyMachineStateNavigationListener\n}\n\nexport enum OID4VCIHolderEvent {\n CONTACT_IDENTITY_CREATED = 'contact_identity_created',\n CREDENTIAL_STORED = 'credential_stored',\n IDENTIFIER_CREATED = 'identifier_created',\n}\n\nexport type RequestData = {\n credentialOffer?: CredentialOfferRequestWithBaseUrl // This object needs to be created/prepared with the OID4VCI credential offer client\n code?: string // Authorization code\n uri: string // Either a credential offer URI, or issuer URI. If a credential offer URI. If a credential offer URI it is suggested to include the credential offer, otherwise we try to detect it ourselves\n existingClientState?: string // Allows us to start with an existing client state. Meaning someone had a client instance before starting the flow\n createAuthorizationRequestURL?: boolean // Create or do not create an authorization request URL. The default is true\n flowType?: AuthzFlowType // Force a particular flow type if there is an option.\n [x: string]: any\n}\n\nexport enum SupportedLanguage {\n ENGLISH = 'en',\n DUTCH = 'nl',\n}\n\nexport type VerifyCredentialToAcceptArgs = {\n mappedCredential: MappedCredentialToAccept\n onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>\n hasher?: HasherSync\n schemaValidation?: SchemaValidation\n context: RequiredContext\n}\n\nexport type MappedCredentialToAccept = ExperimentalSubjectIssuance & {\n correlationId: string\n types: string[]\n credentialToAccept: CredentialToAccept\n uniformVerifiableCredential: IVerifiableCredential\n rawVerifiableCredential: W3CVerifiableCredential\n}\n\nexport type OID4VCIMachineContext = {\n authorizationRequestOpts?: AuthorizationRequestOpts\n accessTokenOpts?: AccessTokenOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n issuanceOpt?: IssuanceOpts\n trustAnchors: Array<string>\n requestData?: RequestData // TODO WAL-673 fix type as this is not always a qr code (deeplink)\n locale?: string\n authorizationCodeURL?: string\n issuerBranding?: Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>\n credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>>\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n serverMetadata?: EndpointMetadataResult\n openID4VCIClientState?: OpenID4VCIClientState\n credentialToSelectFrom: Array<CredentialToSelectFromResult>\n contactAlias: string\n walletType: WalletType\n contact?: Party\n selectedCredentials: Array<string>\n credentialsToAccept: Array<MappedCredentialToAccept>\n verificationCode?: string // TODO WAL-672 refactor to not store verificationCode in the context\n hasContactConsent: boolean\n trustedAnchors?: Array<string>\n error?: ErrorDetails\n}\n\nexport enum OID4VCIMachineStates {\n start = 'start',\n createCredentialsToSelectFrom = 'createCredentialsToSelectFrom',\n getContact = 'getContact',\n transitionFromSetup = 'transitionFromSetup',\n getFederationTrust = 'getFederationTrust',\n reviewContact = 'reviewContact',\n addContact = 'addContact',\n getIssuerBranding = 'getIssuerBranding',\n storeIssuerBranding = 'storeIssuerBranding',\n addIssuerBrandingAfterIdentity = 'addIssuerBrandingAfterIdentity',\n transitionFromContactSetup = 'transitionFromContactSetup',\n startFirstPartApplicationFlow = 'startFirstPartApplicationFlow',\n selectCredentials = 'selectCredentials',\n transitionFromSelectingCredentials = 'transitionFromSelectingCredentials',\n verifyPin = 'verifyPin',\n prepareAuthorizationRequest = 'prepareAuthorizationRequest',\n initiateAuthorizationRequest = 'initiateAuthorizationRequest',\n waitForAuthorizationResponse = 'waitForAuthorizationResponse',\n getCredentials = 'getCredentials',\n transitionFromWalletInput = 'transitionFromWalletInput',\n addContactIdentity = 'addContactIdentity',\n reviewCredentials = 'reviewCredentials',\n verifyCredentials = 'verifyCredentials',\n storeCredentialBranding = 'storeCredentialBranding',\n storeCredentials = 'storeCredentials',\n handleError = 'handleError',\n aborted = 'aborted',\n declined = 'declined',\n error = 'error',\n done = 'done',\n}\n\nexport enum OID4VCIMachineAddContactStates {\n idle = 'idle',\n next = 'next',\n}\n\nexport enum OID4VCIMachineVerifyPinStates {\n idle = 'idle',\n next = 'next',\n}\n\nexport type OID4VCIMachineInterpreter = Interpreter<\n OID4VCIMachineContext,\n any,\n OID4VCIMachineEventTypes,\n { value: any; context: OID4VCIMachineContext },\n any\n>\n\nexport type OID4VCIMachineState = State<\n OID4VCIMachineContext,\n OID4VCIMachineEventTypes,\n any,\n {\n value: any\n context: OID4VCIMachineContext\n },\n any\n>\n\nexport type OID4VCIStateMachine = StateMachine<\n OID4VCIMachineContext,\n any,\n OID4VCIMachineEventTypes,\n { value: any; context: OID4VCIMachineContext },\n BaseActionObject,\n ServiceMap,\n ResolveTypegenMeta<TypegenDisabled, OID4VCIMachineEventTypes, BaseActionObject, ServiceMap>\n>\n\nexport type CreateOID4VCIMachineOpts = {\n requestData: RequestData\n walletType: WalletType\n machineName?: string\n locale?: string\n trustAnchors?: Array<string>\n stateDefinition?: OID4VCIMachineState\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n accessTokenOpts?: AccessTokenOpts\n issuanceOpt?: IssuanceOpts\n}\n\nexport type OID4VCIMachineStateNavigationListener = (\n oid4vciMachine: OID4VCIMachineInterpreter,\n state: OID4VCIMachineState,\n navigation?: any,\n) => Promise<void>\n\nexport type OID4VCIMachineInstanceOpts = {\n services?: any\n guards?: any\n subscription?: () => void\n requireCustomNavigationHook?: boolean\n authorizationRequestOpts?: AuthorizationRequestOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n issuanceOpt?: IssuanceOpts // restrict the issuance to these opts\n stateNavigationListener?: OID4VCIMachineStateNavigationListener\n firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener\n} & CreateOID4VCIMachineOpts\n\nexport type OID4VCIProviderProps = {\n children?: any\n customOID4VCIInstance?: OID4VCIMachineInterpreter\n}\n\nexport type OID4VCIContext = {\n oid4vciInstance?: OID4VCIMachineInterpreter\n}\n\nexport type OID4VCIMachineNavigationArgs = {\n oid4vciMachine: OID4VCIMachineInterpreter\n state: OID4VCIMachineState\n navigation: any\n onNext?: () => void\n onBack?: () => void\n}\n\nexport enum OID4VCIMachineEvents {\n NEXT = 'NEXT',\n PREVIOUS = 'PREVIOUS',\n DECLINE = 'DECLINE',\n CREATE_CONTACT = 'CREATE_CONTACT',\n SET_VERIFICATION_CODE = 'SET_VERIFICATION_CODE',\n SET_CONTACT_ALIAS = 'SET_CONTACT_ALIAS',\n SET_CONTACT_CONSENT = 'SET_CONTACT_CONSENT',\n SET_SELECTED_CREDENTIALS = 'SET_SELECTED_CREDENTIALS',\n SET_AUTHORIZATION_CODE_URL = 'SET_AUTHORIZATION_CODE_URL',\n INVOKED_AUTHORIZATION_CODE_REQUEST = 'INVOKED_AUTHORIZATION_CODE_REQUEST',\n PROVIDE_AUTHORIZATION_CODE_RESPONSE = 'PROVIDE_AUTHORIZATION_CODE_RESPONSE',\n}\n\nexport enum OID4VCIMachineGuards {\n hasContactGuard = 'oid4vciHasContactGuard',\n hasNoContactGuard = 'oid4vciHasNoContactGuard',\n credentialsToSelectRequiredGuard = 'oid4vciCredentialsToSelectRequiredGuard',\n requirePinGuard = 'oid4vciRequirePinGuard',\n requireAuthorizationGuard = 'oid4vciRequireAuthorizationGuard',\n noAuthorizationGuard = 'oid4vciNoAuthorizationGuard',\n hasNonceEndpointGuard = 'oid4vciHasNonceEndpointGuard ',\n hasAuthorizationResponse = 'oid4vciHasAuthorizationResponse',\n hasNoContactIdentityGuard = 'oid4vciHasNoContactIdentityGuard',\n verificationCodeGuard = 'oid4vciVerificationCodeGuard',\n createContactGuard = 'oid4vciCreateContactGuard',\n hasSelectedCredentialsGuard = 'oid4vciHasSelectedCredentialsGuard',\n isOIDFOriginGuard = 'oid4vciIsOIDFOriginGuard',\n contactHasLowTrustGuard = 'oid4vciContactHasLowTrustGuard',\n isFirstPartyApplication = 'oid4vciIsFirstPartyApplication',\n}\n\nexport enum OID4VCIMachineServices {\n start = 'start',\n getContact = 'getContact',\n getFederationTrust = 'getFederationTrust',\n addContactIdentity = 'addContactIdentity',\n createCredentialsToSelectFrom = 'createCredentialsToSelectFrom',\n prepareAuthorizationRequest = 'prepareAuthorizationRequest',\n getIssuerBranding = 'getIssuerBranding',\n storeIssuerBranding = 'storeIssuerBranding',\n getCredentials = 'getCredentials',\n assertValidCredentials = 'assertValidCredentials',\n storeCredentialBranding = 'storeCredentialBranding',\n sendNotification = 'sendNotification',\n storeCredentials = 'storeCredentials',\n startFirstPartApplicationFlow = 'startFirstPartApplicationFlow',\n}\n\nexport type OID4VCIMachineServiceDefinitions = Record<keyof typeof OID4VCIMachineServices, (...args: Array<any>) => any>\n\nexport type NextEvent = { type: OID4VCIMachineEvents.NEXT }\nexport type PreviousEvent = { type: OID4VCIMachineEvents.PREVIOUS }\nexport type DeclineEvent = { type: OID4VCIMachineEvents.DECLINE }\nexport type CreateContactEvent = { type: OID4VCIMachineEvents.CREATE_CONTACT; data: Party }\nexport type SelectCredentialsEvent = { type: OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS; data: Array<string> }\nexport type VerificationCodeEvent = { type: OID4VCIMachineEvents.SET_VERIFICATION_CODE; data: string }\nexport type ContactConsentEvent = { type: OID4VCIMachineEvents.SET_CONTACT_CONSENT; data: boolean }\nexport type ContactAliasEvent = { type: OID4VCIMachineEvents.SET_CONTACT_ALIAS; data: string }\nexport type SetAuthorizationCodeURLEvent = { type: OID4VCIMachineEvents.SET_AUTHORIZATION_CODE_URL; data: string }\nexport type InvokeAuthorizationRequestEvent = { type: OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST; data: string }\nexport type AuthorizationResponseEvent = { type: OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE; data: string \| AuthorizationResponse }\n\nexport type OID4VCIMachineEventTypes =\n \| NextEvent\n \| PreviousEvent\n \| DeclineEvent\n \| CreateContactEvent\n \| SelectCredentialsEvent\n \| VerificationCodeEvent\n \| ContactConsentEvent\n \| ContactAliasEvent\n \| SetAuthorizationCodeURLEvent\n \| InvokeAuthorizationRequestEvent\n \| AuthorizationResponseEvent\n\nexport type ErrorDetails = {\n title: string\n message: string\n // TODO WAL-676 would be nice if we can bundle these details fields into a new type so that we can check on this field instead of the 2 separately\n detailsTitle?: string\n detailsMessage?: string\n stack?: string\n}\n\nexport enum RequestType {\n OPENID_INITIATE_ISSUANCE = 'openid-initiate-issuance',\n OPENID_CREDENTIAL_OFFER = 'openid-credential-offer',\n URL = 'URL',\n}\n\nexport type CredentialToSelectFromResult = ExperimentalSubjectIssuance & {\n id: string\n credentialId: string\n credentialTypes: Array<string>\n credentialAlias: string\n isSelected: boolean\n}\n\nexport type OID4VCIMachine = {\n interpreter: OID4VCIMachineInterpreter\n}\n\nexport type StartResult = {\n credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>>\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n serverMetadata: EndpointMetadataResult\n oid4vciClientState: OpenID4VCIClientState\n}\n\nexport type PrepareAuthorizationResult = {\n authorizationCodeURL?: string\n oid4vciClientState: OpenID4VCIClientState\n}\n\nexport type SelectAppLocaleBrandingArgs = {\n locale?: string\n localeBranding?: Array<IBasicCredentialLocaleBranding \| IBasicIssuerLocaleBranding>\n}\n\nexport type IssuanceOpts = CredentialConfigurationSupported & {\n credentialConfigurationId?: string // Explicit ID for a credential\n supportedBindingMethods: ManagedIdentifierMethod[]\n supportedPreferredDidMethod?: SupportedDidMethodEnum\n schemaValidation?: SchemaValidation\n // todo: rename, now we have generic identifiers\n identifier?: ManagedIdentifierOptsOrResult\n // todo: replace by signature alg, so we can determine applicable key types instead of determining up front. Use proof_types_supported\n keyType?: TKeyType\n codecName?: string\n kms?: string\n}\n\nexport type VerificationResult = {\n result: boolean\n source: WrappedVerifiableCredential \| WrappedVerifiablePresentation\n subResults: Array<VerificationSubResult>\n error?: string \| undefined\n errorDetails?: string\n}\n\nexport type VerificationSubResult = {\n result: boolean\n error?: string\n errorDetails?: string\n}\n\nexport type CredentialToAccept = {\n id?: string\n types: string[]\n issuanceOpt: IssuanceOpts\n credentialResponse: CredentialResponseV1_0_15 \| CredentialResponse\n}\n\nexport type GetCredentialConfigsSupportedArgs = {\n client: OpenID4VCIClientV1_0_15\n vcFormatPreferences: Array<string>\n format?: Array<string>\n types?: Array<Array<string>>\n configurationIds?: Array<string>\n}\n\n/*\n Please note that this method is restricting the results to one set of types or configurationId.\n * It can potentially return multiple results mainly because of different formats.\n /\nexport type GetCredentialConfigsSupportedBySingleTypeOrIdArgs = {\n client: OpenID4VCIClientV1_0_15\n vcFormatPreferences: Array<string>\n format?: string[]\n types?: string[]\n configurationId?: string\n}\n\nexport type GetCredentialBrandingArgs = {\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n context: RequiredContext\n}\n\nexport type GetBasicIssuerLocaleBrandingArgs = {\n display: MetadataDisplay[]\n dynamicRegistrationClientMetadata?: DynamicRegistrationClientMetadataDisplay\n context: RequiredContext\n}\n\nexport type GetPreferredCredentialFormatsArgs = {\n credentials: Record<string, CredentialConfigurationSupported>\n vcFormatPreferences: Array<string>\n}\n\nexport type MapCredentialToAcceptArgs = {\n credentialToAccept: CredentialToAccept\n hasher?: HasherSync\n}\n\nexport type GetDefaultIssuanceOptsArgs = {\n credentialSupported: CredentialConfigurationSupported\n opts: DefaultIssuanceOpts\n context: RequiredContext\n}\n\nexport type DefaultIssuanceOpts = {\n client: OpenID4VCIClientV1_0_15\n}\n\nexport type GetIdentifierArgs = {\n issuanceOpt: IssuanceOpts\n context: RequiredContext\n}\n\nexport type GetAuthenticationKeyArgs = {\n identifier: ManagedIdentifierOptsOrResult\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n context: IAgentContext<IResolver & IDIDManager & IKeyManager>\n}\n\nexport type GetOrCreatePrimaryIdentifierArgs = {\n context: RequiredContext\n opts?: CreateOrGetIdentifierOpts\n}\n\nexport type CreateIdentifierArgs = {\n context: RequiredContext\n opts?: CreateIdentifierOpts\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type GetIssuanceOptsArgs = {\n client: OpenID4VCIClientV1_0_15\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n serverMetadata: EndpointMetadataResult\n context: RequiredContext\n didMethodPreferences: Array<SupportedDidMethodEnum>\n jwtCryptographicSuitePreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString>\n jsonldCryptographicSuitePreferences: Array<string>\n forceIssuanceOpt?: IssuanceOpts\n}\n\nexport type GetIssuanceDidMethodArgs = {\n credentialSupported: CredentialConfigurationSupported\n client: OpenID4VCIClientV1_0_15\n didMethodPreferences: Array<SupportedDidMethodEnum>\n}\n\nexport type GetIssuanceCryptoSuiteArgs = {\n credentialSupported: CredentialConfigurationSupported\n client: OpenID4VCIClientV1_0_15\n jwtCryptographicSuitePreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString>\n jsonldCryptographicSuitePreferences: Array<string>\n}\n\nexport type GetCredentialArgs = {\n pin?: string\n issuanceOpt: IssuanceOpts\n client: OpenID4VCIClientV1_0_15\n accessTokenOpts?: AccessTokenOpts\n}\n\nexport type AccessTokenOpts = {\n additionalRequestParams?: Record<string, any>\n clientOpts?: AuthorizationServerClientOpts\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport type CredentialVerificationError = {\n error?: string\n errorDetails?: string\n}\n\nexport type VerifyMdocArgs = { credential: string }\n\nexport type VerifySDJWTCredentialArgs = { credential: string; hasher?: HasherSync }\n\nexport interface VerifyCredentialArgs {\n credential: OriginalVerifiableCredential\n fetchRemoteContexts?: boolean\n policies?: VerificationPolicies\n\n [x: string]: any\n}\n\nexport type IssuerType = 'RootTAO' \| 'TAO' \| 'TI' \| 'Revoked or Undefined'\n\nexport type VerifyEBSICredentialIssuerArgs = {\n wrappedVc: WrappedVerifiableCredential\n issuerType?: IssuerType[]\n}\n\nexport type Attribute = {\n hash: string\n body: string\n issuerType: IssuerType\n tao: string\n rootTao: string\n}\n\nexport type VerifyEBSICredentialIssuerResult = {\n did: string\n attributes: Attribute[]\n}\n\nexport type Oid4vciCredentialLocaleBrandingFromArgs = {\n credentialDisplay: CredentialsSupportedDisplay\n}\n\nexport type SdJwtCredentialLocaleBrandingFromArgs = {\n credentialDisplay: SdJwtTypeDisplayMetadata\n}\n\nexport type SdJwtGetCredentialBrandingFromArgs = {\n credentialDisplay?: Array<SdJwtTypeDisplayMetadata>\n claimsMetadata?: Array<SdJwtClaimMetadata>\n}\n\nexport type SdJwtCredentialClaimLocalesFromArgs = {\n claimsMetadata: Array<SdJwtClaimMetadata>\n}\n\nexport type IssuerLocaleBrandingFromArgs = {\n issuerDisplay: MetadataDisplay\n dynamicRegistrationClientMetadata?: DynamicRegistrationClientMetadataDisplay\n}\n\nexport type Oid4vciGetCredentialBrandingFromArgs = {\n credentialDisplay?: Array<CredentialsSupportedDisplay>\n issuerCredentialSubject?: IssuerCredentialSubject\n}\n\nexport type Oid4vciCredentialDisplayLocalesFromArgs = {\n credentialDisplay: Array<CredentialsSupportedDisplay>\n}\n\nexport type SdJwtCredentialDisplayLocalesFromArgs = {\n credentialDisplay: Array<SdJwtTypeDisplayMetadata>\n}\n\nexport type Oid4vciIssuerCredentialSubjectLocalesFromArgs = {\n issuerCredentialSubject: IssuerCredentialSubject\n}\n\nexport type Oid4vciCombineDisplayLocalesFromArgs = {\n credentialDisplayLocales?: Map<string, CredentialsSupportedDisplay>\n issuerCredentialSubjectLocales?: Map<string, Array<IBasicCredentialClaim>>\n}\n\nexport type SdJwtCombineDisplayLocalesFromArgs = {\n credentialDisplayLocales?: Map<string, SdJwtTypeDisplayMetadata>\n claimsMetadata?: Map<string, Array<IBasicCredentialClaim>>\n}\n\nexport type DynamicRegistrationClientMetadataDisplay = Pick<\n DynamicRegistrationClientMetadata,\n 'client_name' \| 'client_uri' \| 'contacts' \| 'tos_uri' \| 'policy_uri' \| 'logo_uri'\n>\n\nexport type WalletType = 'NATURAL_PERSON' \| 'ORGANIZATIONAL'\n\nexport type DidAgents = TAgent<IResolver & IDIDManager>\n\nexport type RequiredContext = IAgentContext<\n IIssuanceBranding &\n IContactManager &\n ICredentialValidation &\n ICredentialVerifier &\n ICredentialIssuer &\n ICredentialStore &\n IIdentifierResolution &\n IJwtService &\n IDIDManager &\n IResolver &\n IKeyManager &\n ISDJwtPlugin &\n ImDLMdoc &\n IDidAuthSiopOpAuthenticator\n>\n","import { RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop'\nimport { OpenID4VCIClientState } from '@sphereon/oid4vci-client'\nimport { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'\nimport { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'\nimport { DidAuthConfig, Party } from '@sphereon/ssi-sdk.data-store-types'\nimport { IIdentifier } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, StatesConfig, TypegenDisabled } from 'xstate'\nimport { ErrorDetails, RequiredContext } from './IOID4VCIHolder'\n\nexport enum FirstPartyMachineStateTypes {\n sendAuthorizationChallengeRequest = 'sendAuthorizationChallengeRequest',\n sendAuthorizationResponse = 'sendAuthorizationResponse',\n selectCredentials = 'selectCredentials',\n createConfig = 'createConfig',\n getSiopRequest = 'getSiopRequest',\n error = 'error',\n done = 'done',\n aborted = 'aborted',\n declined = 'declined',\n}\n\nexport enum FirstPartyMachineServices {\n sendAuthorizationChallengeRequest = 'sendAuthorizationChallengeRequest',\n sendAuthorizationResponse = 'sendAuthorizationResponse',\n createConfig = 'createConfig',\n getSiopRequest = 'getSiopRequest',\n}\n\nexport type FirstPartyMachineStates = Record<FirstPartyMachineStateTypes, {}>\n\nexport type FirstPartyMachineContext = {\n openID4VCIClientState: OpenID4VCIClientState\n selectedCredentials: Array<UniqueDigitalCredential>\n contact: Party\n authSession?: string\n presentationUri?: string\n identifier?: IIdentifier\n didAuthConfig?: Omit<DidAuthConfig, 'identifier'>\n authorizationRequestData?: SiopV2AuthorizationRequestData\n presentationDuringIssuanceSession?: string\n authorizationCodeResponse?: AuthorizationChallengeCodeResponse\n error?: ErrorDetails\n}\n\nexport enum FirstPartyMachineEvents {\n NEXT = 'NEXT',\n PREVIOUS = 'PREVIOUS',\n DECLINE = 'DECLINE',\n SET_SELECTED_CREDENTIALS = 'SET_SELECTED_CREDENTIALS',\n}\n\nexport type FirstPartyNextEvent = { type: FirstPartyMachineEvents.NEXT }\nexport type FirstPartyPreviousEvent = { type: FirstPartyMachineEvents.PREVIOUS }\nexport type FirstPartyDeclineEvent = { type: FirstPartyMachineEvents.DECLINE }\nexport type FirstPartySelectCredentialsEvent = {\n type: FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS\n data: Array<UniqueDigitalCredential>\n}\n\nexport type FirstPartyMachineEventTypes = FirstPartyNextEvent \| FirstPartyPreviousEvent \| FirstPartyDeclineEvent \| FirstPartySelectCredentialsEvent\n\nexport type FirstPartyMachineStatesConfig = StatesConfig<\n FirstPartyMachineContext,\n {\n states: FirstPartyMachineStates\n },\n FirstPartyMachineEventTypes,\n any\n>\n\nexport type CreateFirstPartyMachineOpts = {\n openID4VCIClientState: OpenID4VCIClientState\n contact: Party\n agentContext: RequiredContext\n machineId?: string\n}\n\nexport type FirstPartyStateMachine = StateMachine<\n FirstPartyMachineContext,\n any,\n FirstPartyMachineEventTypes,\n {\n value: any\n context: FirstPartyMachineContext\n },\n BaseActionObject,\n ServiceMap,\n ResolveTypegenMeta<TypegenDisabled, FirstPartyMachineEventTypes, BaseActionObject, ServiceMap>\n>\n\nexport type FirstPartyMachineInterpreter = Interpreter<\n FirstPartyMachineContext,\n any,\n FirstPartyMachineEventTypes,\n {\n value: any\n context: FirstPartyMachineContext\n },\n any\n>\n\nexport type FirstPartyMachineStateNavigationListener = (\n firstPartyMachine: FirstPartyMachineInterpreter,\n state: FirstPartyMachineState,\n navigation?: any,\n) => Promise<void>\n\nexport type InstanceFirstPartyMachineOpts = {\n services?: any\n guards?: any\n subscription?: () => void\n requireCustomNavigationHook?: boolean\n stateNavigationListener?: FirstPartyMachineStateNavigationListener\n} & CreateFirstPartyMachineOpts\n\nexport type FirstPartyMachineState = State<\n FirstPartyMachineContext,\n FirstPartyMachineEventTypes,\n any,\n {\n value: any\n context: FirstPartyMachineContext\n },\n any\n>\n\nexport type FirstPartyMachineServiceDefinitions = Record<keyof typeof FirstPartyMachineServices, (...args: Array<any>) => any>\n\nexport type SendAuthorizationChallengeRequestArgs = Pick<\n FirstPartyMachineContext,\n 'openID4VCIClientState' \| 'authSession' \| 'presentationDuringIssuanceSession'\n>\n\nexport type SendAuthorizationResponseArgs = Pick<\n FirstPartyMachineContext,\n 'authSession' \| 'presentationUri' \| 'didAuthConfig' \| 'authorizationRequestData' \| 'selectedCredentials'\n>\n\nexport type CreateConfigArgs = Pick<FirstPartyMachineContext, 'presentationUri' \| 'identifier'>\n\nexport type GetSiopRequestArgs = Pick<FirstPartyMachineContext, 'didAuthConfig' \| 'presentationUri'>\n\nexport type SiopV2AuthorizationRequestData = {\n correlationId: string\n registrationMetadataPayload: RPRegistrationMetadataPayload\n issuer?: string\n name?: string\n uri?: URL\n clientIdScheme?: string\n clientId?: string\n entityId?: string\n dcqlQuery: DcqlQuery\n}\n\nexport type FirstPartyMachineNavigationArgs = {\n firstPartyMachine: FirstPartyMachineInterpreter\n state: FirstPartyMachineState\n navigation: any\n onNext?: () => void\n onBack?: () => void\n}\n","import { LOG } from '@sphereon/oid4vci-client'\nimport {\n AuthorizationChallengeCodeResponse,\n CredentialConfigurationSupported,\n CredentialConfigurationSupportedSdJwtVcV1_0_15,\n CredentialResponse,\n CredentialResponseV1_0_15,\n CredentialSupportedSdJwtVc,\n getSupportedCredentials,\n getTypesFromCredentialSupported,\n getTypesFromObject,\n MetadataDisplay,\n} from '@sphereon/oid4vci-common'\nimport { KeyUse } from '@sphereon/ssi-sdk-ext.did-resolver-jwk'\nimport { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isIIdentifier,\n isManagedIdentifierDidResult,\n isManagedIdentifierResult,\n ManagedIdentifierMethod,\n ManagedIdentifierResult,\n managedIdentifierToJwk,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { keyTypeFromCryptographicSuite } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store-types'\nimport {\n CredentialMapper,\n Hasher,\n IVerifiableCredential,\n JoseSignatureAlgorithm,\n JoseSignatureAlgorithmString,\n mdocDecodedCredentialToUniformCredential,\n OriginalVerifiableCredential,\n sdJwtDecodedCredentialToUniformCredential,\n SdJwtDecodedVerifiableCredential,\n SdJwtTypeMetadata,\n W3CVerifiableCredential,\n WrappedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { asArray } from '@veramo/utils'\nimport { translate } from '../localization/Localization'\nimport { FirstPartyMachine } from '../machines/firstPartyMachine'\nimport { issuerLocaleBrandingFrom, oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'\nimport { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'\nimport {\n DidAgents,\n GetBasicIssuerLocaleBrandingArgs,\n GetCredentialBrandingArgs,\n GetCredentialConfigsSupportedArgs,\n GetCredentialConfigsSupportedBySingleTypeOrIdArgs,\n GetIdentifierArgs,\n GetIssuanceCryptoSuiteArgs,\n GetIssuanceDidMethodArgs,\n GetIssuanceOptsArgs,\n GetPreferredCredentialFormatsArgs,\n IssuanceOpts,\n MapCredentialToAcceptArgs,\n MappedCredentialToAccept,\n OID4VCIHolderEvent,\n RequiredContext,\n SelectAppLocaleBrandingArgs,\n StartFirstPartApplicationMachine,\n VerificationResult,\n VerifyCredentialToAcceptArgs,\n} from '../types/IOID4VCIHolder'\n\nexport const getCredentialBranding = async (args: GetCredentialBrandingArgs): Promise<Record<string, Array<IBasicCredentialLocaleBranding>>> => {\n const { credentialsSupported, context } = args\n const credentialBranding: Record<string, Array<IBasicCredentialLocaleBranding>> = {}\n await Promise.all(\n Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]): Promise<void> => {\n let sdJwtTypeMetadata: SdJwtTypeMetadata \| undefined\n if (credentialsConfigSupported.format === 'dc+sd-jwt') {\n const vct = (<CredentialSupportedSdJwtVc \| CredentialConfigurationSupportedSdJwtVcV1_0_15>credentialsConfigSupported).vct\n if (vct.startsWith('http')) {\n try {\n sdJwtTypeMetadata = await context.agent.fetchSdJwtTypeMetadataFromVctUrl({ vct })\n } catch {\n // For now, we are just going to ignore and continue without any branding as we still have a fallback\n }\n }\n }\n let mappedLocaleBranding: Array<IBasicCredentialLocaleBranding> = []\n if (sdJwtTypeMetadata) {\n mappedLocaleBranding = await sdJwtGetCredentialBrandingFrom({\n credentialDisplay: sdJwtTypeMetadata.display,\n claimsMetadata: sdJwtTypeMetadata.claims,\n })\n } else {\n mappedLocaleBranding = await oid4vciGetCredentialBrandingFrom({\n credentialDisplay: credentialsConfigSupported.display,\n issuerCredentialSubject:\n // @ts-ignore // FIXME SPRIND-123 add proper support for type recognition as claim display can be located elsewhere for v13\n credentialsSupported.claims !== undefined ? credentialsConfigSupported.claims : credentialsConfigSupported.credentialSubject,\n })\n }\n // TODO we should make the mapper part of the plugin, so that the logic for getting the branding becomes more clear and easier to use\n const localeBranding = await Promise.all(\n mappedLocaleBranding.map(\n async (localeBranding): Promise<IBasicCredentialLocaleBranding> => await context.agent.ibCredentialLocaleBrandingFrom({ localeBranding }),\n ),\n )\n const defaultCredentialType = 'VerifiableCredential'\n const configSupportedTypes = getTypesFromCredentialSupported(credentialsConfigSupported)\n const credentialTypes: Array<string> = configSupportedTypes.length === 0 ? asArray(defaultCredentialType) : configSupportedTypes\n const filteredCredentialTypes = credentialTypes.filter((type: string): boolean => type !== defaultCredentialType)\n credentialBranding[filteredCredentialTypes[0]] = localeBranding // TODO for now taking the first type\n }),\n )\n\n return credentialBranding\n}\n\nexport const getBasicIssuerLocaleBranding = async (args: GetBasicIssuerLocaleBrandingArgs): Promise<Array<IBasicIssuerLocaleBranding>> => {\n const { display, dynamicRegistrationClientMetadata, context } = args\n return await Promise.all(\n display.map(async (issuerDisplay: MetadataDisplay): Promise<IBasicIssuerLocaleBranding> => {\n // FIXME for now we do not have locale support for dynamicRegistrationClientMetadata, so we add all the metadata to every locale\n const branding = await issuerLocaleBrandingFrom({ issuerDisplay, dynamicRegistrationClientMetadata })\n return context.agent.ibIssuerLocaleBrandingFrom({ localeBranding: branding })\n }),\n )\n}\n\nexport const getCredentialConfigsBasedOnFormatPref = async (\n args: GetPreferredCredentialFormatsArgs,\n): Promise<Record<string, CredentialConfigurationSupported>> => {\n const { vcFormatPreferences, credentials } = args\n const prefConfigs = {} as Record<string, CredentialConfigurationSupported>\n Object.entries(credentials).forEach(([key, config]) => {\n const result = !config.format \|\| vcFormatPreferences.map((pref) => pref.toLowerCase()).includes(config.format.toLowerCase())\n if (result) {\n prefConfigs[key] = config\n }\n })\n\n return prefConfigs\n}\n\nexport const selectCredentialLocaleBranding = async (\n args: SelectAppLocaleBrandingArgs,\n): Promise<IBasicCredentialLocaleBranding \| IBasicIssuerLocaleBranding \| undefined> => {\n const { locale, localeBranding } = args\n\n return localeBranding?.find(\n (branding: IBasicCredentialLocaleBranding \| IBasicIssuerLocaleBranding) =>\n locale ? branding.locale?.startsWith(locale) \|\| branding.locale === undefined : branding.locale === undefined, // TODO refactor as we have duplicate code\n )\n}\n\nexport const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArgs): Promise<VerificationResult> => {\n const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args\n\n const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse)\n\n const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, { hasher: hasher ?? defaultHasher })\n if (\n wrappedVC.decoded?.iss?.includes('did:ebsi:') \|\|\n (typeof wrappedVC.decoded?.vc?.issuer === 'string'\n ? wrappedVC.decoded?.vc?.issuer?.includes('did:ebsi:')\n : wrappedVC.decoded?.vc?.issuer?.existingInstanceId?.includes('did:ebsi:'))\n ) {\n // TODO: Skipping VC validation for EBSI conformance issued credential, as their Issuer is not present in the ledger (sigh)\n // just calling the verifySchema functionality for ebsi credentials\n await context.agent.cvVerifySchema({ credential, hasher, validationPolicy: schemaValidation })\n if (JSON.stringify(wrappedVC.decoded).includes('vc:ebsi:conformance')) {\n return { source: wrappedVC, error: undefined, result: true, subResults: [] } satisfies VerificationResult\n }\n\n if (onVerifyEBSICredentialIssuer) {\n try {\n await onVerifyEBSICredentialIssuer({\n wrappedVc: wrappedVC,\n })\n } catch (e) {\n return { source: wrappedVC, error: e.message, result: true, subResults: [] } satisfies VerificationResult\n }\n }\n }\n\n const verificationResult: VerificationResult = await context.agent.cvVerifyCredential({\n credential,\n hasher,\n // TODO WAL-675 we might want to allow these types of options as part of the context, now we have state machines. Allows us to pre-determine whether these policies apply and whether remote context should be fetched\n fetchRemoteContexts: true,\n policies: {\n schemaValidation: schemaValidation,\n credentialStatus: false,\n expirationDate: false,\n issuanceDate: false,\n },\n })\n\n if (!verificationResult.result \|\| verificationResult.error) {\n return Promise.reject(Error(verificationResult.error ?? translate('oid4vci_machine_credential_verification_failed_message')))\n }\n return verificationResult\n}\n\nexport const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Promise<MappedCredentialToAccept> => {\n const { credentialToAccept, hasher } = args\n\n const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse) as W3CVerifiableCredential\n\n const wrappedVerifiableCredential: WrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(\n verifiableCredential as OriginalVerifiableCredential,\n { hasher },\n )\n let uniformVerifiableCredential: IVerifiableCredential\n if (CredentialMapper.isSdJwtDecodedCredential(wrappedVerifiableCredential.credential)) {\n uniformVerifiableCredential = sdJwtDecodedCredentialToUniformCredential(<SdJwtDecodedVerifiableCredential>wrappedVerifiableCredential.credential)\n } else if (CredentialMapper.isSdJwtEncoded(wrappedVerifiableCredential.credential)) {\n if (!hasher) {\n return Promise.reject('a hasher is required for encoded SD-JWT credentials')\n }\n const asyncHasher: Hasher = (data: string \| ArrayBuffer \| SharedArrayBuffer, algorithm: string) => Promise.resolve(hasher(data, algorithm))\n const decodedSdJwt = await CredentialMapper.decodeSdJwtVcAsync(wrappedVerifiableCredential.credential, asyncHasher)\n uniformVerifiableCredential = sdJwtDecodedCredentialToUniformCredential(<SdJwtDecodedVerifiableCredential>decodedSdJwt)\n } else if (CredentialMapper.isMsoMdocDecodedCredential(wrappedVerifiableCredential.credential)) {\n uniformVerifiableCredential = mdocDecodedCredentialToUniformCredential(wrappedVerifiableCredential.credential)\n } else {\n uniformVerifiableCredential = <IVerifiableCredential>wrappedVerifiableCredential.credential\n }\n\n const correlationId: string =\n typeof uniformVerifiableCredential.issuer === 'string'\n ? uniformVerifiableCredential.issuer\n : CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential)\n ? uniformVerifiableCredential.decodedPayload.iss\n : uniformVerifiableCredential.issuer.id\n\n const credentialResponse = credentialToAccept.credentialResponse as CredentialResponseV1_0_15\n return {\n correlationId,\n credentialToAccept,\n types: credentialToAccept.types,\n rawVerifiableCredential: verifiableCredential,\n uniformVerifiableCredential,\n ...(credentialResponse.credential_subject_issuance && { credential_subject_issuance: credentialResponse.credential_subject_issuance }),\n }\n}\n\nexport const extractCredentialFromResponse = (credentialResponse: CredentialResponse): OriginalVerifiableCredential => {\n let credential: OriginalVerifiableCredential \| undefined\n\n if ('credential' in credentialResponse) {\n credential = credentialResponse.credential as OriginalVerifiableCredential\n } else if (\n 'credentials' in credentialResponse &&\n credentialResponse.credentials &&\n Array.isArray(credentialResponse.credentials) &&\n credentialResponse.credentials.length > 0\n ) {\n credential = credentialResponse.credentials[0].credential as OriginalVerifiableCredential // FIXME SSISDK-13 (no multi-credential support yet)\n }\n\n if (!credential) {\n throw new Error('No credential found in credential response')\n }\n\n return credential\n}\n\nexport const getIdentifierOpts = async (args: GetIdentifierArgs): Promise<ManagedIdentifierResult> => {\n const { issuanceOpt, context } = args\n const { identifier: identifierArg } = issuanceOpt\n if (identifierArg && isManagedIdentifierResult(identifierArg)) {\n return identifierArg\n }\n const {\n supportedPreferredDidMethod,\n supportedBindingMethods,\n keyType = 'Secp256r1',\n kms = await context.agent.keyManagerGetDefaultKeyManagementSystem(),\n } = issuanceOpt\n let identifier: ManagedIdentifierResult\n\n if (identifierArg) {\n if (isIIdentifier(identifierArg.identifier)) {\n identifier = await context.agent.identifierManagedGet(identifierArg)\n } else if (!identifierArg.method && issuanceOpt.supportedBindingMethods.includes('jwk')) {\n identifier = await managedIdentifierToJwk(identifierArg, context)\n } else if (identifierArg.method && !supportedBindingMethods.includes(identifierArg.method)) {\n throw Error(`Supplied identifier method ${identifierArg.method} not supported by the issuer: ${supportedBindingMethods.join(',')}`)\n } else {\n identifier = await context.agent.identifierManagedGet(identifierArg)\n }\n }\n const agentContext = { ...context, agent: context.agent as DidAgents }\n\n if (\n (!identifierArg \|\| isIIdentifier(identifierArg.identifier)) &&\n supportedPreferredDidMethod &&\n (!supportedBindingMethods \|\| supportedBindingMethods.length === 0 \|\| supportedBindingMethods.filter((method) => method.startsWith('did')))\n ) {\n // previous code for managing DIDs only\n const { result, created } = await getOrCreatePrimaryIdentifier(agentContext, {\n method: supportedPreferredDidMethod,\n createOpts: {\n options: {\n type: issuanceOpt.keyType,\n use: KeyUse.Signature,\n codecName: issuanceOpt.codecName,\n kms: issuanceOpt.kms,\n },\n },\n })\n identifier = await context.agent.identifierManagedGetByDid({\n identifier: result,\n keyType,\n offlineWhenNoDIDRegistered: result.did.startsWith('did:ebsi:'),\n })\n if (created) {\n await agentContext.agent.emit(OID4VCIHolderEvent.IDENTIFIER_CREATED, { identifier })\n }\n } else if (supportedBindingMethods.includes('jwk')) {\n // todo: we probably should do something similar as with DIDs for re-use/new keys\n const key = await context.agent.keyManagerCreate({ type: keyType, kms, meta: { keyAlias: `key_${keyType}_${Date.now()}` } })\n // TODO. Create/move this to identifier service await agentContext.agent.emit(OID4VCIHolderEvent.IDENTIFIER_CREATED, { key })\n identifier = await managedIdentifierToJwk({ method: 'key', identifier: key, kmsKeyRef: key.kid }, context)\n // } else if (supportedBindingMethods.includes('cose_key')) {\n // // TODO COSE HERE\n // throw Error(`Holder currently does not support binding method: ${supportedBindingMethods.join(',')}`)\n } else {\n throw Error(`Holder currently does not support binding method: ${supportedBindingMethods.join(',')}`)\n }\n args.issuanceOpt.identifier = identifier\n return identifier\n}\n\nexport const getCredentialConfigsSupportedMerged = async (\n args: GetCredentialConfigsSupportedArgs,\n): Promise<Record<string, CredentialConfigurationSupported>> => {\n let result = {} as Record<string, CredentialConfigurationSupported>\n ;(await getCredentialConfigsSupported(args)).forEach((supported: Record<string, CredentialConfigurationSupported>) => {\n result = { ...result, ...supported }\n })\n return result\n}\n\nexport const getCredentialConfigsSupported = async (\n args: GetCredentialConfigsSupportedArgs,\n): Promise<Array<Record<string, CredentialConfigurationSupported>>> => {\n const { types, configurationIds } = args\n if (Array.isArray(types) && types.length > 0) {\n return Promise.all(types.map((type) => getCredentialConfigsSupportedBySingleTypeOrId({ ...args, types: type })))\n } else if (Array.isArray(configurationIds) && configurationIds.length > 0) {\n return Promise.all(\n configurationIds.map((configurationId) =>\n getCredentialConfigsSupportedBySingleTypeOrId({\n ...args,\n configurationId,\n types: undefined,\n }),\n ),\n )\n }\n const configs = await getCredentialConfigsSupportedBySingleTypeOrId({\n ...args,\n types: undefined,\n configurationId: undefined,\n })\n return configs && Object.keys(configs).length > 0 ? [configs] : []\n}\n/\n Please note that this method only returns configs supported for a single set of credential types or a single config id.\n * If an offer contains multiple formats/types in an array or multiple config ids, you will have to call this method for all of them\n * @param args\n /\nexport const getCredentialConfigsSupportedBySingleTypeOrId = async (\n args: GetCredentialConfigsSupportedBySingleTypeOrIdArgs,\n): Promise<Record<string, CredentialConfigurationSupported>> => {\n const { client, vcFormatPreferences, configurationId } = args\n let { format = undefined, types = undefined } = args\n\n function createIdFromTypes(supported: CredentialConfigurationSupported) {\n const format = supported.format\n const type: string = getTypesFromObject(supported)?.join() ?? ''\n const id = `${type}:${format}`\n return id\n }\n\n if (configurationId) {\n const allSupported = client.getCredentialsSupported(undefined, format)\n return Object.fromEntries(\n Object.entries(allSupported).filter(\n ([id, supported]) => id === configurationId \|\| supported.id === configurationId \|\| createIdFromTypes(supported) === configurationId,\n ),\n )\n }\n\n if (!client.credentialOffer) {\n return Promise.reject(Error('openID4VCIClient has no credentialOffer'))\n }\n if (!types) {\n return Promise.reject(Error('openID4VCIClient has no types'))\n }\n\n const offerSupported = getSupportedCredentials({\n types: [types],\n format,\n version: client.version(),\n issuerMetadata: client.endpointMetadata.credentialIssuerMetadata,\n })\n let allSupported: Record<string, CredentialConfigurationSupported>\n\n if (!Array.isArray(offerSupported)) {\n allSupported = offerSupported\n } else {\n allSupported = {} satisfies Record<string, CredentialConfigurationSupported>\n offerSupported.forEach((supported) => {\n if (supported.id) {\n allSupported[supported.id as string] = supported\n return\n }\n const id = createIdFromTypes(supported)\n allSupported[id] = supported\n })\n }\n\n let credentialConfigsSupported = await getCredentialConfigsBasedOnFormatPref({\n credentials: allSupported,\n vcFormatPreferences,\n })\n if (!credentialConfigsSupported \|\| Object.keys(credentialConfigsSupported).length === 0) {\n LOG.warning(`No matching supported credential found for ${client.getIssuer()}`)\n }\n\n if (client.credentialOffer === undefined) {\n return credentialConfigsSupported\n }\n // Filter configurations based on the credential offer IDs\n const credentialOffer = client.credentialOffer.credential_offer\n\n let credentialsToOffer: Record<string, CredentialConfigurationSupported>\n if ('credential_configuration_ids' in credentialOffer) {\n credentialsToOffer = Object.fromEntries(\n Object.entries(credentialConfigsSupported).filter(([configId, config]) => credentialOffer.credential_configuration_ids.includes(configId)),\n )\n if (Object.keys(credentialsToOffer).length === 0) {\n throw new Error(`No matching supported credential configs found for offer ${credentialOffer.credential_configuration_ids.join(', ')}`)\n }\n } else {\n credentialsToOffer = credentialConfigsSupported\n }\n if (Object.keys(credentialsToOffer).length === 0) {\n // Same check as above, but more generic error message, as it can also apply to below draft 13\n throw new Error(`No matching supported credential configs found for offer`)\n }\n\n return credentialsToOffer\n}\n\nexport const getIssuanceOpts = async (args: GetIssuanceOptsArgs): Promise<Array<IssuanceOpts>> => {\n const {\n client,\n credentialsSupported,\n // serverMetadata,\n context,\n didMethodPreferences,\n jwtCryptographicSuitePreferences,\n jsonldCryptographicSuitePreferences,\n forceIssuanceOpt,\n } = args\n\n if (credentialsSupported === undefined \|\| Object.keys(credentialsSupported).length === 0) {\n return Promise.reject(Error('No credentials supported'))\n }\n\n const getIssuanceOpts: Array<Promise<IssuanceOpts>> = Object.values(credentialsSupported).map(async (credentialSupported) => {\n /if (!serverMetadata?.credentialIssuerMetadata) {\n return await getDefaultIssuanceOpts({ credentialSupported, opts: { client }, context })\n }/\n\n const cryptographicSuite: string = await getIssuanceCryptoSuite({\n credentialSupported,\n client,\n jwtCryptographicSuitePreferences,\n jsonldCryptographicSuitePreferences,\n })\n const { didMethod, methods } = await getIssuanceMethod({\n credentialSupported,\n client,\n didMethodPreferences,\n })\n if (methods.length == 0) {\n console.log(`Could not determine supported cryptographic_binding_methods_supported, will use DIDs`)\n methods.push('did')\n }\n const issuanceOpt = forceIssuanceOpt\n ? { ...credentialSupported, ...forceIssuanceOpt }\n : ({\n ...credentialSupported,\n supportedPreferredDidMethod: didMethod,\n supportedBindingMethods: methods,\n format: credentialSupported.format,\n keyType: client.isEBSI() ? 'Secp256r1' : keyTypeFromCryptographicSuite({ crv: cryptographicSuite }),\n ...(client.isEBSI() && { codecName: 'EBSI' }),\n } satisfies IssuanceOpts)\n const identifier = await getIdentifierOpts({ issuanceOpt, context })\n if (!client.clientId && isManagedIdentifierDidResult(identifier)) {\n // FIXME: We really should fetch server metadata. Have user select required credentials. Take the first cred to determine a kid when no clientId is present and set that.\n // Needs a preference service for crypto, keys, dids, and clientId, with ecosystem support\n client.clientId = identifier.issuer ?? identifier.did\n }\n return { ...issuanceOpt, identifier }\n })\n\n return await Promise.all(getIssuanceOpts)\n}\n\nexport const getIssuanceMethod = async (\n opts: GetIssuanceDidMethodArgs,\n): Promise<{\n methods: ManagedIdentifierMethod[]\n didMethod?: SupportedDidMethodEnum\n}> => {\n const { client, credentialSupported, didMethodPreferences } = opts\n const { format, cryptographic_binding_methods_supported } = credentialSupported\n let methods: ManagedIdentifierMethod[] = [] // we use the external identifier method, as we should be supporting all values in the server metadata anyway\n if (cryptographic_binding_methods_supported && Array.isArray(cryptographic_binding_methods_supported)) {\n methods = cryptographic_binding_methods_supported as ManagedIdentifierMethod[]\n const didMethods: SupportedDidMethodEnum \| undefined = didMethodPreferences.find((method: SupportedDidMethodEnum) =>\n cryptographic_binding_methods_supported.includes(`did:${method.toLowerCase() /.replace('did:', '')/}`),\n )\n if (didMethods) {\n return { methods, didMethod: didMethods }\n } else if (cryptographic_binding_methods_supported.includes('did')) {\n return { methods, didMethod: format ? didMethodPreferences[1] : didMethodPreferences[0] }\n } else if (methods.length > 0) {\n return { methods }\n }\n console.warn(\n `We should have been able to determine cryptographic_binding_methods_supported, will fall back to legacy behaviour. This is likely a bug`,\n )\n }\n\n if (client.isEBSI()) {\n return { methods: ['did'], didMethod: SupportedDidMethodEnum.DID_KEY }\n }\n\n // legacy fallback\n methods = ['did']\n if (!format \|\| (format.includes('jwt') && !format?.includes('jwt_vc_json_ld'))) {\n return { methods, didMethod: format ? didMethodPreferences[1] : didMethodPreferences[0] }\n } else {\n // JsonLD\n return { methods, didMethod: didMethodPreferences[0] }\n }\n}\n\nexport const getIssuanceCryptoSuite = async (opts: GetIssuanceCryptoSuiteArgs): Promise<string> => {\n const { client, credentialSupported, jwtCryptographicSuitePreferences, jsonldCryptographicSuitePreferences } = opts\n\n let signing_algs_supported: Array<string>\n if ('proof_types_supported' in credentialSupported && credentialSupported.proof_types_supported) {\n if ('jwt' in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.jwt) {\n signing_algs_supported = credentialSupported.proof_types_supported.jwt.proof_signing_alg_values_supported\n } else if ('ldp_vp' in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.ldp_vp) {\n signing_algs_supported = credentialSupported.proof_types_supported.ldp_vp.proof_signing_alg_values_supported\n } else if ('cwt' in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.cwt) {\n signing_algs_supported = credentialSupported.proof_types_supported.cwt.proof_signing_alg_values_supported\n console.error('cwt proof type not supported. Likely that errors will occur after this point')\n } else {\n return Promise.reject(Error(`Unsupported proof_types_supported`))\n }\n } else {\n signing_algs_supported = asArray(\n // @ts-ignore // legacy\n credentialSupported.credential_signing_alg_values_supported ?? credentialSupported.proof_signing_alg_values_supported ?? [],\n )\n }\n\n // TODO: Return array, so the wallet/user could choose\n switch (credentialSupported.format) {\n // @ts-ignore legacy value\n case 'jwt':\n case 'jwt_vc_json':\n case 'jwt_vc':\n case 'vc+sd-jwt':\n case 'dc+sd-jwt':\n case 'mso_mdoc': {\n const supportedPreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString> = jwtCryptographicSuitePreferences.filter(\n (suite: JoseSignatureAlgorithm \| JoseSignatureAlgorithmString) => signing_algs_supported.includes(suite),\n )\n\n if (supportedPreferences.length > 0) {\n return supportedPreferences[0]\n } else if (client.isEBSI()) {\n return JoseSignatureAlgorithm.ES256\n }\n\n // if we cannot find supported cryptographic suites, we just try with the first preference\n const fallback = jwtCryptographicSuitePreferences[0]\n console.log(`Warn: We could not determine the crypto suites from the server metadata, and will fallback to a default: ${fallback}`)\n return fallback\n }\n // @ts-ignore\n case 'ldp':\n // @ts-ignore\n case 'jwt_vc_json_ld':\n case 'ldp_vc': {\n const supportedPreferences: Array<string> = jsonldCryptographicSuitePreferences.filter((suite: string) =>\n signing_algs_supported.includes(suite),\n )\n if (supportedPreferences.length > 0) {\n return supportedPreferences[0]\n }\n\n // if we cannot find supported cryptographic suites, we just try with the first preference\n const fallback = jsonldCryptographicSuitePreferences[0]\n console.log(`Warn: We could not determine the crypto suites from the server metadata, and will fallback to a default: ${fallback}`)\n return fallback\n }\n default:\n return Promise.reject(Error(`Credential format '${credentialSupported.format}' not supported`))\n }\n}\n\nexport const startFirstPartApplicationMachine = async (\n args: StartFirstPartApplicationMachine,\n context: RequiredContext,\n): Promise<AuthorizationChallengeCodeResponse \| string> => {\n const { openID4VCIClientState, stateNavigationListener, contact } = args\n\n if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n }\n\n if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n const firstPartyMachineInstance = FirstPartyMachine.newInstance({\n openID4VCIClientState,\n contact,\n agentContext: context,\n stateNavigationListener,\n })\n\n return new Promise((resolve, reject) => {\n try {\n firstPartyMachineInstance.onTransition((state: FirstPartyMachineState) => {\n if (state.matches(FirstPartyMachineStateTypes.done)) {\n const authorizationCodeResponse = state.context.authorizationCodeResponse\n if (!authorizationCodeResponse) {\n reject(Error('No authorizationCodeResponse acquired'))\n }\n resolve(authorizationCodeResponse!)\n } else if (state.matches(FirstPartyMachineStateTypes.aborted)) {\n resolve(FirstPartyMachineStateTypes.aborted)\n } else if (state.matches(FirstPartyMachineStateTypes.declined)) {\n resolve(FirstPartyMachineStateTypes.declined)\n } else if (state.matches(FirstPartyMachineStateTypes.error)) {\n reject(state.context.error)\n }\n })\n firstPartyMachineInstance.start()\n } catch (error) {\n reject(error)\n }\n })\n}\n","import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'\nimport { AuthorizationChallengeCodeResponse, AuthorizationChallengeError, AuthorizationChallengeErrorResponse } from '@sphereon/oid4vci-common'\nimport { DidAuthConfig } from '@sphereon/ssi-sdk.data-store-types'\nimport { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { createConfig, getSiopRequest, sendAuthorizationChallengeRequest, sendAuthorizationResponse } from '../services/FirstPartyMachineServices'\nimport { translate } from '../localization/Localization'\nimport { ErrorDetails } from '../types/IOID4VCIHolder'\nimport {\n CreateConfigArgs,\n CreateFirstPartyMachineOpts,\n FirstPartyMachineContext,\n FirstPartyMachineEvents,\n FirstPartyMachineEventTypes,\n FirstPartyMachineInterpreter,\n FirstPartyMachineServices,\n FirstPartyMachineState,\n FirstPartyMachineStatesConfig,\n FirstPartyMachineStateTypes,\n FirstPartyMachineServiceDefinitions,\n FirstPartyStateMachine,\n GetSiopRequestArgs,\n InstanceFirstPartyMachineOpts,\n SiopV2AuthorizationRequestData,\n SendAuthorizationResponseArgs,\n FirstPartySelectCredentialsEvent,\n} from '../types/FirstPartyMachine'\n\nconst firstPartyMachineStates: FirstPartyMachineStatesConfig = {\n [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {\n id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,\n invoke: {\n src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,\n onDone: {\n target: FirstPartyMachineStateTypes.done,\n actions: assign({\n authorizationCodeResponse: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => _event.data,\n }),\n },\n onError: [\n {\n target: FirstPartyMachineStateTypes.createConfig,\n cond: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>): boolean =>\n _event.data.error === AuthorizationChallengeError.insufficient_authorization,\n actions: assign({\n authSession: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) => _event.data.auth_session,\n presentationUri: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) =>\n _event.data.presentation,\n }),\n },\n {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_send_authorization_challenge_request_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n ],\n },\n },\n [FirstPartyMachineStateTypes.createConfig]: {\n id: FirstPartyMachineStateTypes.createConfig,\n invoke: {\n src: FirstPartyMachineServices.createConfig,\n onDone: {\n target: FirstPartyMachineStateTypes.getSiopRequest,\n actions: assign({\n didAuthConfig: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<DidAuthConfig>) => _event.data,\n }),\n },\n onError: {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_create_config_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [FirstPartyMachineStateTypes.getSiopRequest]: {\n id: FirstPartyMachineStateTypes.getSiopRequest,\n invoke: {\n src: FirstPartyMachineServices.getSiopRequest,\n onDone: {\n target: FirstPartyMachineStateTypes.selectCredentials,\n actions: assign({\n authorizationRequestData: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<SiopV2AuthorizationRequestData>) => _event.data,\n }),\n },\n onError: {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('siopV2_machine_get_request_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [FirstPartyMachineStateTypes.selectCredentials]: {\n id: FirstPartyMachineStateTypes.selectCredentials,\n on: {\n [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {\n actions: assign({ selectedCredentials: (_ctx: FirstPartyMachineContext, _event: FirstPartySelectCredentialsEvent) => _event.data }),\n },\n [FirstPartyMachineEvents.NEXT]: {\n target: FirstPartyMachineStateTypes.sendAuthorizationResponse,\n },\n [FirstPartyMachineEvents.DECLINE]: {\n target: FirstPartyMachineStateTypes.declined,\n },\n [FirstPartyMachineEvents.PREVIOUS]: {\n target: FirstPartyMachineStateTypes.aborted,\n },\n },\n },\n [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {\n id: FirstPartyMachineStateTypes.sendAuthorizationResponse,\n invoke: {\n src: FirstPartyMachineServices.sendAuthorizationResponse,\n onDone: {\n target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,\n actions: assign({\n presentationDuringIssuanceSession: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<string>) => _event.data,\n }),\n },\n onError: {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_get_request_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [FirstPartyMachineStateTypes.aborted]: {\n id: FirstPartyMachineStateTypes.aborted,\n type: 'final',\n },\n [FirstPartyMachineStateTypes.declined]: {\n id: FirstPartyMachineStateTypes.declined,\n type: 'final',\n },\n [FirstPartyMachineStateTypes.error]: {\n id: FirstPartyMachineStateTypes.error,\n type: 'final',\n },\n [FirstPartyMachineStateTypes.done]: {\n id: FirstPartyMachineStateTypes.done,\n type: 'final',\n },\n}\n\nconst createFirstPartyActivationMachine = (opts: CreateFirstPartyMachineOpts): FirstPartyStateMachine => {\n const initialContext: FirstPartyMachineContext = {\n openID4VCIClientState: opts.openID4VCIClientState,\n contact: opts.contact,\n selectedCredentials: [],\n }\n\n return createMachine<FirstPartyMachineContext, FirstPartyMachineEventTypes>({\n id: opts?.machineId ?? 'FirstParty',\n predictableActionArguments: true,\n initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,\n context: initialContext,\n states: firstPartyMachineStates,\n schema: {\n events: {} as FirstPartyMachineEventTypes,\n services: {} as {\n [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: {\n data: void\n }\n [FirstPartyMachineServices.createConfig]: {\n data: CreateConfigResult\n }\n [FirstPartyMachineServices.getSiopRequest]: {\n data: SiopV2AuthorizationRequestData\n }\n [FirstPartyMachineServices.sendAuthorizationResponse]: {\n data: string\n }\n },\n },\n })\n}\n\nexport class FirstPartyMachine {\n private static _instance: FirstPartyMachineInterpreter \| undefined\n\n static hasInstance(): boolean {\n return FirstPartyMachine._instance !== undefined\n }\n\n static get instance(): FirstPartyMachineInterpreter {\n if (!FirstPartyMachine._instance) {\n throw Error('Please initialize ESIMActivation machine first')\n }\n return FirstPartyMachine._instance\n }\n\n static clearInstance(opts: { stop: boolean }) {\n const { stop } = opts\n if (FirstPartyMachine.hasInstance()) {\n if (stop) {\n FirstPartyMachine.stopInstance()\n }\n }\n FirstPartyMachine._instance = undefined\n }\n\n static stopInstance(): void {\n if (!FirstPartyMachine.hasInstance()) {\n return\n }\n FirstPartyMachine.instance.stop()\n FirstPartyMachine._instance = undefined\n }\n\n public static newInstance(opts: InstanceFirstPartyMachineOpts): FirstPartyMachineInterpreter {\n const { agentContext } = opts\n const services: FirstPartyMachineServiceDefinitions = {\n [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,\n [FirstPartyMachineServices.createConfig]: (args: CreateConfigArgs) => createConfig(args, agentContext),\n [FirstPartyMachineServices.getSiopRequest]: (args: GetSiopRequestArgs) => getSiopRequest(args, agentContext),\n [FirstPartyMachineServices.sendAuthorizationResponse]: (args: SendAuthorizationResponseArgs) => sendAuthorizationResponse(args, agentContext),\n }\n\n const newInst: FirstPartyMachineInterpreter = interpret(\n createFirstPartyActivationMachine(opts).withConfig({\n services: {\n ...services,\n ...opts?.services,\n },\n guards: {\n ...opts?.guards,\n },\n }),\n )\n\n if (typeof opts?.subscription === 'function') {\n newInst.onTransition(opts.subscription)\n }\n\n if (opts?.requireCustomNavigationHook !== true) {\n newInst.onTransition((snapshot: FirstPartyMachineState): void => {\n if (opts?.stateNavigationListener) {\n void opts.stateNavigationListener(newInst, snapshot)\n }\n })\n }\n\n return newInst\n }\n\n static getInstance(\n opts: InstanceFirstPartyMachineOpts & {\n requireExisting?: boolean\n },\n ): FirstPartyMachineInterpreter {\n if (!FirstPartyMachine._instance) {\n if (opts?.requireExisting === true) {\n throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`)\n }\n FirstPartyMachine._instance = FirstPartyMachine.newInstance(opts)\n }\n return FirstPartyMachine._instance\n }\n}\n","import { OpenID4VCIClient } from '@sphereon/oid4vci-client'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'\nimport { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { v4 as uuidv4 } from 'uuid'\nimport { RequiredContext } from '../types/IOID4VCIHolder'\nimport {\n CreateConfigArgs,\n GetSiopRequestArgs,\n SendAuthorizationChallengeRequestArgs,\n SendAuthorizationResponseArgs,\n SiopV2AuthorizationRequestData,\n} from '../types/FirstPartyMachine'\n\nexport const sendAuthorizationChallengeRequest = async (args: SendAuthorizationChallengeRequestArgs): Promise<AuthorizationChallengeCodeResponse> => {\n const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args\n\n const oid4vciClient = await OpenID4VCIClient.fromState({ state: openID4VCIClientState })\n return oid4vciClient.acquireAuthorizationChallengeCode({\n clientId: oid4vciClient.clientId ?? uuidv4(),\n ...(authSession && { authSession }),\n ...(!authSession &&\n openID4VCIClientState.credentialOffer?.preAuthorizedCode && { issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode }),\n ...(!authSession && openID4VCIClientState.credentialOffer?.issuerState && { issuerState: openID4VCIClientState.credentialOffer?.issuerState }),\n ...(presentationDuringIssuanceSession && { presentationDuringIssuanceSession }),\n })\n}\n\nexport const createConfig = async (args: CreateConfigArgs, context: RequiredContext): Promise<CreateConfigResult> => {\n const { presentationUri } = args\n\n if (!presentationUri) {\n return Promise.reject(Error('Missing presentation uri in context'))\n }\n\n return context.agent.siopCreateConfig({ url: presentationUri })\n}\n\nexport const getSiopRequest = async (args: GetSiopRequestArgs, context: RequiredContext): Promise<SiopV2AuthorizationRequestData> => {\n const { didAuthConfig, presentationUri } = args\n\n if (presentationUri === undefined) {\n return Promise.reject(Error('Missing presentation uri in context'))\n }\n\n if (didAuthConfig === undefined) {\n return Promise.reject(Error('Missing did auth config in context'))\n }\n\n return context.agent.siopGetSiopRequest({ didAuthConfig, url: presentationUri })\n}\n\nexport const sendAuthorizationResponse = async (args: SendAuthorizationResponseArgs, context: RequiredContext): Promise<string> => {\n const { didAuthConfig, authorizationRequestData, selectedCredentials } = args\n\n const responseData = await context.agent.siopSendResponse({\n authorizationRequestData,\n selectedCredentials,\n didAuthConfig,\n isFirstParty: true,\n })\n\n return (<AuthorizationChallengeValidationResponse>responseData.body).presentation_during_issuance_session\n}\n","import { CredentialsSupportedDisplay, NameAndLocale } from '@sphereon/oid4vci-common'\nimport { IBasicCredentialClaim, IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store-types'\nimport { SdJwtClaimDisplayMetadata, SdJwtClaimMetadata, SdJwtClaimPath, SdJwtTypeDisplayMetadata } from '@sphereon/ssi-types'\nimport {\n IssuerLocaleBrandingFromArgs,\n Oid4vciCombineDisplayLocalesFromArgs,\n Oid4vciCredentialDisplayLocalesFromArgs,\n Oid4vciCredentialLocaleBrandingFromArgs,\n Oid4vciGetCredentialBrandingFromArgs,\n Oid4vciIssuerCredentialSubjectLocalesFromArgs,\n SdJwtCombineDisplayLocalesFromArgs,\n SdJwtCredentialClaimLocalesFromArgs,\n SdJwtCredentialDisplayLocalesFromArgs,\n SdJwtCredentialLocaleBrandingFromArgs,\n SdJwtGetCredentialBrandingFromArgs,\n} from '../types/IOID4VCIHolder'\n\n// FIXME should we not move this to the branding plugin?\n\nexport const oid4vciGetCredentialBrandingFrom = async (\n args: Oid4vciGetCredentialBrandingFromArgs,\n): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const { credentialDisplay, issuerCredentialSubject } = args\n\n return oid4vciCombineDisplayLocalesFrom({\n ...(issuerCredentialSubject && { issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({ issuerCredentialSubject }) }),\n ...(credentialDisplay && { credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({ credentialDisplay }) }),\n })\n}\n\nexport const oid4vciCredentialDisplayLocalesFrom = async (\n args: Oid4vciCredentialDisplayLocalesFromArgs,\n): Promise<Map<string, CredentialsSupportedDisplay>> => {\n const { credentialDisplay } = args\n return credentialDisplay.reduce((localeDisplays, display) => {\n const localeKey = display.locale \|\| ''\n localeDisplays.set(localeKey, display)\n return localeDisplays\n }, new Map<string, CredentialsSupportedDisplay>())\n}\n\nexport const oid4vciIssuerCredentialSubjectLocalesFrom = async (\n args: Oid4vciIssuerCredentialSubjectLocalesFromArgs,\n): Promise<Map<string, Array<IBasicCredentialClaim>>> => {\n const { issuerCredentialSubject } = args\n const localeClaims = new Map<string, Array<IBasicCredentialClaim>>()\n\n const processClaimObject = (claim: any, parentKey: string = ''): void => {\n Object.entries(claim).forEach(([key, value]): void => {\n if (key === 'mandatory' \|\| key === 'value_type') {\n return\n }\n\n if (key === 'display' && Array.isArray(value)) {\n value.forEach(({ name, locale = '' }: NameAndLocale): void => {\n if (!name) {\n return\n }\n\n //const localeKey = locale \|\| ''\n if (!localeClaims.has(locale)) {\n localeClaims.set(locale, [])\n }\n localeClaims.get(locale)!.push({ key: parentKey, name })\n })\n } else if (typeof value === 'object' && value !== null) {\n processClaimObject(value, parentKey ? `${parentKey}.${key}` : key)\n }\n })\n }\n\n processClaimObject(issuerCredentialSubject)\n return localeClaims\n}\n\nexport const oid4vciCredentialLocaleBrandingFrom = async (args: Oid4vciCredentialLocaleBrandingFromArgs): Promise<IBasicCredentialLocaleBranding> => {\n const { credentialDisplay } = args\n\n return {\n ...(credentialDisplay.name && {\n alias: credentialDisplay.name,\n }),\n ...(credentialDisplay.locale && {\n locale: credentialDisplay.locale,\n }),\n ...(credentialDisplay.logo && {\n logo: {\n ...((credentialDisplay.logo.url \|\| <string>credentialDisplay.logo.uri) && {\n uri: credentialDisplay.logo?.url ?? <string>credentialDisplay.logo.uri,\n }),\n ...(credentialDisplay.logo.alt_text && {\n alt: credentialDisplay.logo?.alt_text,\n }),\n },\n }),\n ...(credentialDisplay.description && {\n description: credentialDisplay.description,\n }),\n\n ...(credentialDisplay.text_color && {\n text: {\n color: credentialDisplay.text_color,\n },\n }),\n ...((credentialDisplay.background_image \|\| credentialDisplay.background_color) && {\n background: {\n ...(credentialDisplay.background_image && {\n image: {\n ...((credentialDisplay.background_image.url \|\| <string>credentialDisplay.background_image.uri) && {\n uri: credentialDisplay.background_image?.url ?? <string>credentialDisplay.background_image.uri,\n }),\n ...(credentialDisplay.background_image.alt_text && {\n alt: credentialDisplay.background_image?.alt_text,\n }),\n },\n }),\n ...(credentialDisplay.background_color && {\n color: credentialDisplay.background_color,\n }),\n },\n }),\n }\n}\n\nexport const oid4vciCombineDisplayLocalesFrom = async (\n args: Oid4vciCombineDisplayLocalesFromArgs,\n): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const {\n credentialDisplayLocales = new Map<string, CredentialsSupportedDisplay>(),\n issuerCredentialSubjectLocales = new Map<string, Array<IBasicCredentialClaim>>(),\n } = args\n\n const locales: Array<string> = Array.from(new Set([...issuerCredentialSubjectLocales.keys(), ...credentialDisplayLocales.keys()]))\n\n return Promise.all(\n locales.map(async (locale: string): Promise<IBasicCredentialLocaleBranding> => {\n const display = credentialDisplayLocales.get(locale)\n const claims = issuerCredentialSubjectLocales.get(locale)\n\n return {\n ...(display && (await oid4vciCredentialLocaleBrandingFrom({ credentialDisplay: display }))),\n ...(locale.length > 0 && { locale }),\n claims,\n }\n }),\n )\n}\n\nexport const sdJwtGetCredentialBrandingFrom = async (args: SdJwtGetCredentialBrandingFromArgs): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const { credentialDisplay, claimsMetadata } = args\n\n return sdJwtCombineDisplayLocalesFrom({\n ...(claimsMetadata && { claimsMetadata: await sdJwtCredentialClaimLocalesFrom({ claimsMetadata }) }),\n ...(credentialDisplay && { credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({ credentialDisplay }) }),\n })\n}\n\nexport const sdJwtCredentialDisplayLocalesFrom = async (\n args: SdJwtCredentialDisplayLocalesFromArgs,\n): Promise<Map<string, SdJwtTypeDisplayMetadata>> => {\n const { credentialDisplay } = args\n return credentialDisplay.reduce((localeDisplays, display) => {\n const localeKey = display.lang \|\| ''\n localeDisplays.set(localeKey, display)\n return localeDisplays\n }, new Map<string, SdJwtTypeDisplayMetadata>())\n}\n\nexport const sdJwtCredentialClaimLocalesFrom = async (\n args: SdJwtCredentialClaimLocalesFromArgs,\n): Promise<Map<string, Array<IBasicCredentialClaim>>> => {\n const { claimsMetadata } = args\n const localeClaims = new Map<string, Array<IBasicCredentialClaim>>()\n\n claimsMetadata.forEach((claim: SdJwtClaimMetadata): void => {\n claim.display?.forEach((display: SdJwtClaimDisplayMetadata): void => {\n const { lang = '', label } = display\n const key = claim.path.map((value: SdJwtClaimPath) => String(value)).join('.')\n if (!localeClaims.has(lang)) {\n localeClaims.set(lang, [])\n }\n localeClaims.get(lang)!.push({ key, name: label })\n })\n })\n\n return localeClaims\n}\n\nexport const sdJwtCredentialLocaleBrandingFrom = async (args: SdJwtCredentialLocaleBrandingFromArgs): Promise<IBasicCredentialLocaleBranding> => {\n const { credentialDisplay } = args\n\n return {\n ...(credentialDisplay.name && {\n alias: credentialDisplay.name,\n }),\n ...(credentialDisplay.lang && {\n locale: credentialDisplay.lang,\n }),\n ...(credentialDisplay.rendering?.simple?.logo && {\n logo: {\n ...(credentialDisplay.rendering.simple.logo.uri && {\n uri: credentialDisplay.rendering.simple.logo.uri,\n }),\n ...(credentialDisplay.rendering.simple.logo.alt_text && {\n alt: credentialDisplay.rendering.simple.logo.alt_text,\n }),\n },\n }),\n ...(credentialDisplay.description && {\n description: credentialDisplay.description,\n }),\n ...(credentialDisplay.rendering?.simple?.text_color && {\n text: {\n color: credentialDisplay.rendering.simple.text_color,\n },\n }),\n ...(credentialDisplay.rendering?.simple?.background_color && {\n background: {\n color: credentialDisplay.rendering.simple.background_color,\n },\n }),\n }\n}\n\nexport const sdJwtCombineDisplayLocalesFrom = async (args: SdJwtCombineDisplayLocalesFromArgs): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const { credentialDisplayLocales = new Map<string, SdJwtTypeDisplayMetadata>(), claimsMetadata = new Map<string, Array<IBasicCredentialClaim>>() } =\n args\n\n const locales: Array<string> = Array.from(new Set([...claimsMetadata.keys(), ...credentialDisplayLocales.keys()]))\n\n return Promise.all(\n locales.map(async (locale: string): Promise<IBasicCredentialLocaleBranding> => {\n const display = credentialDisplayLocales.get(locale)\n const claims = claimsMetadata.get(locale)\n\n return {\n ...(display && (await sdJwtCredentialLocaleBrandingFrom({ credentialDisplay: display }))),\n ...(locale.length > 0 && { locale }),\n claims,\n }\n }),\n )\n}\n\n// TODO since dynamicRegistrationClientMetadata can also be on a RP, we should start using this mapper in a more general way\nexport const issuerLocaleBrandingFrom = async (args: IssuerLocaleBrandingFromArgs): Promise<IBasicIssuerLocaleBranding> => {\n const { issuerDisplay, dynamicRegistrationClientMetadata } = args\n\n return {\n ...(dynamicRegistrationClientMetadata?.client_name && {\n alias: dynamicRegistrationClientMetadata.client_name,\n }),\n ...(issuerDisplay.name && {\n alias: issuerDisplay.name,\n }),\n ...(issuerDisplay.locale && {\n locale: issuerDisplay.locale,\n }),\n ...((issuerDisplay.logo \|\| dynamicRegistrationClientMetadata?.logo_uri) && {\n logo: {\n ...(dynamicRegistrationClientMetadata?.logo_uri && {\n uri: dynamicRegistrationClientMetadata?.logo_uri,\n }),\n ...((issuerDisplay.logo?.url \|\| <string>issuerDisplay.logo?.uri) && {\n uri: issuerDisplay.logo?.url ?? <string>issuerDisplay.logo?.uri,\n }),\n ...(issuerDisplay.logo?.alt_text && {\n alt: issuerDisplay.logo?.alt_text,\n }),\n },\n }),\n ...(issuerDisplay.description && {\n description: issuerDisplay.description,\n }),\n ...(issuerDisplay.text_color && {\n text: {\n color: issuerDisplay.text_color,\n },\n }),\n ...(dynamicRegistrationClientMetadata?.client_uri && {\n clientUri: dynamicRegistrationClientMetadata.client_uri,\n }),\n ...(dynamicRegistrationClientMetadata?.tos_uri && {\n tosUri: dynamicRegistrationClientMetadata.tos_uri,\n }),\n ...(dynamicRegistrationClientMetadata?.policy_uri && {\n policyUri: dynamicRegistrationClientMetadata.policy_uri,\n }),\n ...(dynamicRegistrationClientMetadata?.contacts && {\n contacts: dynamicRegistrationClientMetadata.contacts,\n }),\n }\n}\n","import { Loggers, LogLevel, LogMethod } from '@sphereon/ssi-types'\nimport { OID4VCIMachineInterpreter, OID4VCIMachineState, OID4VCIMachineStates } from '../types/IOID4VCIHolder'\n\nconst logger = Loggers.DEFAULT.options('sphereon:oid4vci:holder', { defaultLogLevel: LogLevel.DEBUG, methods: [LogMethod.CONSOLE] }).get(\n 'sphereon:oid4vci:holder',\n)\n\nexport const OID4VCICallbackStateListener = (\n callbacks?: Map<OID4VCIMachineStates, (machine: OID4VCIMachineInterpreter, state: OID4VCIMachineState, opts?: any) => Promise<void>>,\n) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState): Promise<void> => {\n if (state._event.type === 'internal') {\n logger.debug('oid4vciCallbackStateListener: internal event')\n // Make sure we do not navigate when triggered by an internal event. We need to stay on current screen\n // Make sure we do not navigate when state has not changed\n return\n }\n logger.info(`VCI state listener state: ${JSON.stringify(state.value)}`)\n\n if (!callbacks \|\| callbacks.size === 0) {\n logger.info(`VCI no callbacks registered for state: ${JSON.stringify(state.value)}`)\n return\n }\n\n for (const [stateKey, callback] of callbacks) {\n if (state.matches(stateKey)) {\n logger.log(`VCI state callback for state: ${JSON.stringify(state.value)}, will execute...`)\n await callback(oid4vciMachine, state)\n .then(() => logger.log(`state callback executed for state: ${JSON.stringify(state.value)}`))\n .catch((error) => {\n logger.error(\n `VCI state callback failed for state: ${JSON.stringify(state.value)}, error: ${JSON.stringify(error?.message)}, ${JSON.stringify(state.event)}`,\n )\n if (error.stack) {\n logger.error(error.stack)\n }\n })\n break\n }\n }\n }\n}\n","import { CredentialOfferClient } from '@sphereon/oid4vci-client'\nimport { AuthorizationRequestOpts, AuthorizationServerClientOpts, AuthzFlowType, convertURIToJsonObject } from '@sphereon/oid4vci-common'\nimport { DefaultLinkPriorities, LinkHandlerAdapter } from '@sphereon/ssi-sdk.core'\nimport { IMachineStatePersistence, interpreterStartOrResume, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence'\nimport { IAgentContext } from '@veramo/core'\nimport { GetMachineArgs, IOID4VCIHolder, OID4VCIMachineEvents, OID4VCIMachineStateNavigationListener, WalletType } from '../types/IOID4VCIHolder'\nimport { FirstPartyMachineStateNavigationListener } from '../types/FirstPartyMachine'\n\n/\n This handler only handles credential offer links (either by value or by reference)\n */\nexport class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {\n private readonly context: IAgentContext<IOID4VCIHolder & IMachineStatePersistence>\n private readonly stateNavigationListener?: OID4VCIMachineStateNavigationListener\n private readonly firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener\n private readonly noStateMachinePersistence: boolean\n private readonly walletType: WalletType\n private readonly authorizationRequestOpts?: AuthorizationRequestOpts\n private readonly clientOpts?: AuthorizationServerClientOpts\n private readonly trustAnchors?: Array<string>\n\n constructor(\n args: Pick<\n GetMachineArgs,\n 'stateNavigationListener' \| 'authorizationRequestOpts' \| 'clientOpts' \| 'trustAnchors' \| 'firstPartyStateNavigationListener' \| 'walletType'\n > & {\n priority?: number \| DefaultLinkPriorities\n protocols?: Array<string \| RegExp>\n noStateMachinePersistence?: boolean\n context: IAgentContext<IOID4VCIHolder & IMachineStatePersistence>\n },\n ) {\n super({ ...args, id: 'OID4VCIHolder' })\n this.authorizationRequestOpts = args.authorizationRequestOpts\n this.clientOpts = args.clientOpts\n this.context = args.context\n this.walletType = args.walletType ?? 'NATURAL_PERSON'\n this.noStateMachinePersistence = args.noStateMachinePersistence === true\n this.stateNavigationListener = args.stateNavigationListener\n this.firstPartyStateNavigationListener = args.firstPartyStateNavigationListener\n this.trustAnchors = args.trustAnchors\n }\n\n async handle(\n url: string \| URL,\n opts?: {\n machineState?: SerializableState\n authorizationRequestOpts?: AuthorizationRequestOpts\n createAuthorizationRequestURL?: boolean\n clientOpts?: AuthorizationServerClientOpts\n flowType?: AuthzFlowType\n },\n ): Promise<void> {\n const uri = new URL(url).toString()\n const offerData = convertURIToJsonObject(uri) as Record<string, unknown>\n const hasCode = 'code' in offerData && !!offerData.code && !('issuer' in offerData)\n const code = hasCode ? (offerData.code as string) : undefined\n const clientOpts = { ...this.clientOpts, ...opts?.clientOpts }\n const oid4vciMachine = await this.context.agent.oid4vciHolderGetMachineInterpreter({\n requestData: {\n // We know this can only be invoked with a credential offer, so we convert the URI to offer\n ...(!hasCode && { credentialOffer: await CredentialOfferClient.fromURI(uri) }),\n ...(hasCode && { code: code }),\n createAuthorizationRequestURL: opts?.createAuthorizationRequestURL,\n flowType: opts?.flowType,\n uri,\n },\n trustAnchors: this.trustAnchors,\n authorizationRequestOpts: { ...this.authorizationRequestOpts, ...opts?.authorizationRequestOpts },\n ...((clientOpts.clientId \|\| clientOpts.clientAssertionType) && { clientOpts: clientOpts as AuthorizationServerClientOpts }),\n stateNavigationListener: this.stateNavigationListener,\n firstPartyStateNavigationListener: this.firstPartyStateNavigationListener,\n walletType: this.walletType,\n })\n\n const interpreter = oid4vciMachine.interpreter\n //FIXME we need a better way to check if the state persistence plugin is available in the agent\n if (!opts?.machineState && this.context.agent.availableMethods().includes('machineStatesFindActive')) {\n const stateType = hasCode ? 'existing' : 'new'\n await interpreterStartOrResume({\n stateType,\n interpreter,\n context: this.context,\n cleanupAllOtherInstances: true,\n cleanupOnFinalState: true,\n singletonCheck: true,\n noRegistration: this.noStateMachinePersistence,\n })\n } else {\n // @ts-ignore\n interpreter.start(opts?.machineState)\n }\n\n if (hasCode) {\n interpreter.send(OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE, { data: uri })\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,mDAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,gDAAkD;AAAA,MAClD,uDAAyD;AAAA,MACzD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,kDAAoD;AAAA,MACpD,sDAAwD;AAAA,MACxD,mDAAqD;AAAA,MACrD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,wCAA0C;AAAA,MAC1C,wDAA0D;AAAA,MAC1D,+DAAiE;AAAA,MACjE,uDAAyD;AAAA,MACzD,yCAA2C;AAAA,MAC3C,kEAAoE;AAAA,MACpE,2CAA6C;AAAA,MAC7C,yCAA2C;AAAA,IAC7C;AAAA;AAAA;;;AClBA;AAAA,mDAAAC,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,gDAAkD;AAAA,MAClD,uDAAyD;AAAA,MACzD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,kDAAoD;AAAA,MACpD,sDAAwD;AAAA,MACxD,mDAAqD;AAAA,MACrD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,wCAA0C;AAAA,MAC1C,wDAA0D;AAAA,MAC1D,uDAAyD;AAAA,MACzD,yCAA2C;AAAA,MAC3C,kEAAoE;AAAA,MACpE,2CAA6C;AAAA,MAC7C,yCAA2C;AAAA,IAC7C;AAAA;AAAA;;;ACjBA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,IAAAC,yBAAiG;AACjG,IAAAC,yBAcO;AACP,IAAAC,sBAAuC;AACvC,IAAAA,sBAUO;AAEP,IAAAA,sBAA0C;AAC1C,IAAAC,kBAA8B;AAC9B,IAAAA,kBAaO;AACP,IAAAC,oBAaO;AAWP,IAAAC,gBAA0C;AAC1C,yBAAkB;AAClB,qBAA0B;AAC1B,IAAAC,eAA6B;;;ACxE7B,4BAAkG;AAElG,oBAAkE;;;ACFlE,qBAA8C;AAC9C,oBAAoB;;;ACsLb,IAAKC,qBAAAA,0BAAAA,qBAAAA;;;;SAAAA;;AAgBL,IAAKC,oBAAAA,0BAAAA,oBAAAA;;;SAAAA;;AA+CL,IAAKC,uBAAAA,0BAAAA,uBAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAAAA;;AAiCL,IAAKC,iCAAAA,0BAAAA,iCAAAA;;;SAAAA;;AAKL,IAAKC,gCAAAA,0BAAAA,gCAAAA;;;SAAAA;;AAiFL,IAAKC,uBAAAA,0BAAAA,uBAAAA;;;;;;;;;;;;SAAAA;;AAcL,IAAKC,uBAAAA,0BAAAA,uBAAAA;;;;;;;;;;;;;;;;SAAAA;;AAkBL,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;;;;;;;;SAAAA;;AAqDL,IAAKC,cAAAA,0BAAAA,cAAAA;;;;SAAAA;;AA6LL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;;;AD3nBZ,IAAMC,eAAN,MAAMA,cAAAA;EAJN,OAIMA;;;EACJ,OAAeC,qBAAyD;IACtE,CAACC,kBAAkBC,OAAO,GAAG,MAAMC;IACnC,CAACF,kBAAkBG,KAAK,GAAG,MAAMD;EACnC;EAEA,OAAcE,gBAAiBC,cAAAA,SAC7B,CAACC,KAAYC,WAAAA;AAEX,QAAIC,OAAOC,KAAKC,eAAAA,QAAKC,YAAY,EAAEC,WAAW,GAAG;AAC/CF,qBAAAA,QAAKC,eAAe;QAClB,CAACX,kBAAkBC,OAAO,GAAGH,cAAaC,mBAAmBC,kBAAkBC,OAAO,EAAC;MACzF;AACAS,qBAAAA,QAAKG,SAASb,kBAAkBC;IAClC,OAAO;AACLS,qBAAAA,QAAKC,eAAe;QAClB,CAACD,eAAAA,QAAKG,MAAM,GAAG;UACb,GAAGH,eAAAA,QAAKC,aAAaD,eAAAA,QAAKG,MAAM;UAChC,GAAGf,cAAaC,mBAAmB,KAAKe,sBAAsBJ,eAAAA,QAAKG,MAAM,KAAKb,kBAAkBC,OAAO,EAAC;QAC1G;MACF;IACF;AAEA,WAAOS,eAAAA,QAAKK,EAAET,KAAKC,MAAAA;EACrB,GACA,CAACD,KAAYC,WAA+BA,SAASD,MAAMU,KAAKC,UAAUV,MAAAA,IAAUD,GAAAA;EAGtF,OAAeQ,wBAAwB,wBAACD,WAAAA;AACtC,eAAWK,YAAYV,OAAOW,OAAOnB,iBAAAA,GAAoB;AACvD,UAAIkB,aAAaL,QAAQ;AACvB,eAAOK;MACT;IACF;AAEA,WAAOE;EACT,GARuC;EAUvC,OAAcC,YAAY,6BAAA;AACxB,WAAOX,eAAAA,QAAKG,UAAUb,kBAAkBC;EAC1C,GAF0B;AAG5B;AAEO,IAAMG,YAAYN,aAAaM;;;AErC/B,IAAKkB,8BAAAA,0BAAAA,8BAAAA;;;;;;;;;;SAAAA;;AAYL,IAAKC,4BAAAA,0BAAAA,4BAAAA;;;;;SAAAA;;AAuBL,IAAKC,0BAAAA,0BAAAA,0BAAAA;;;;;SAAAA;;;;AHXZ,IAAMC,2BAA2B,wBAACC,MAA6BC,WAAAA;AAC7D,QAAM,EAAEC,QAAO,IAAKF;AACpB,SAAOE,YAAYC;AACrB,GAHiC;AAKjC,IAAMC,yBAAyB,wBAACJ,MAA6BC,WAAAA;AAC3D,QAAM,EAAEC,QAAO,IAAKF;AACpB,SAAOE,YAAYC;AACrB,GAH+B;AAK/B,IAAME,iCAAiC,wBAACL,MAA6BC,WAAAA;AACnE,QAAM,EAAEC,SAASI,eAAc,IAAKN;AACpC,SAAOE,YAAYC,UAAaG,mBAAmBH,UAAaG,eAAeC,WAAW;AAC5F,GAHuC;AAKvC,IAAMC,0CAA0C,wBAACR,MAA6BC,WAAAA;AAC5E,QAAM,EAAEQ,uBAAsB,IAAKT;AACnC,SAAOS,0BAA0BA,uBAAuBF,SAAS;AACnE,GAHgD;AAKhD,IAAMG,yBAAyB,wBAACV,MAA6BC,WAAAA;AAC3D,QAAM,EAAEU,YAAW,IAAKX;AACxB,SAAOW,aAAaC,iBAAiBC,oBAAoB;AAC3D,GAH+B;AAK/B,IAAMC,mCAAmC,wBAACd,MAA6BC,WAAAA;AACrE,QAAM,EAAEC,SAASa,oBAAmB,IAAKf;AACzC,MAAIgB,aAAaD,oBAAoB,CAAA,EAAGE;AACxC,MAAID,WAAWE,MAAM,gBAAA,GAAmB;AACtCF,iBAAa,IAAIG,IAAIH,UAAAA,EAAYI;EACnC;AACA,SAAO,CAAClB,SAASmB,WAAWC,KAAK,CAACC,aAAgCA,SAASC,WAAWP,kBAAkBD,UAAAA;AAC1G,GAPyC;AASzC,IAAMS,+BAA+B,wBAACzB,MAA6BC,WAAAA;AACjE,QAAM,EAAEyB,iBAAgB,IAAK1B;AAC7B,SAAO0B,qBAAqBvB,UAAauB,iBAAiBnB,SAAS;AACrE,GAHqC;AAKrC,IAAMoB,4BAA4B,wBAAC3B,MAA6BC,WAAAA;AAC9D,QAAM,EAAE2B,cAAcC,kBAAiB,IAAK7B;AAC5C,SAAO6B,qBAAqB,CAAC,CAACD,gBAAgBA,aAAarB,SAAS;AACtE,GAHkC;AAKlC,IAAMuB,qCAAqC,wBAAC9B,MAA6BC,WAAAA;AACvE,QAAM,EAAE8B,oBAAmB,IAAK/B;AAChC,SAAO+B,wBAAwB5B,UAAa4B,oBAAoBxB,SAAS;AAC3E,GAH2C;AAK3C,IAAMyB,2BAA2B,wBAAChC,MAA6BC,WAAAA;AAE7D,QAAM,EAAEgC,aAAY,IAAKjC;AACzB,SAAOiC,aAAa1B,SAAS;AAC/B,GAJiC;AAMjC,IAAM2B,8BAA8B,wBAACC,KAA4BlC,WAAAA;AAC/D,SAAO,CAACmC,gCAAgCD,KAAKlC,MAAAA;AAC/C,GAFoC;AAKpC,IAAMoC,mCAAmC,wBAACF,KAA4BlC,WAAAA;AACpE,QAAM,EAAEqC,sBAAqB,IAAKH;AAElC,MAAI,CAACG,uBAAuB;AAC1B,UAAMC,MAAM,4CAAA;EACd;AAEA,MAAID,sBAAsBE,oBAAoBF,sBAAsBG,0BAA0B;AAG5F,WAAO,CAACN,IAAIG,uBAAuBI;EACrC,WAAWJ,sBAAsB1B,iBAAiB+B,gBAAgBC,SAASC,oCAAcC,uBAAuB,GAAG;AACjH,WAAO,CAACX,IAAIG,uBAAuBI;EACrC,WAAWJ,sBAAsB1B,iBAAiB+B,gBAAgBC,SAASC,oCAAcE,wBAAwB,GAAG;AAClH,WAAO;EACT,WAAWT,sBAAsBU,kBAAkBC,0BAA0BC,wBAAwB;AACnG,WAAO,CAACf,IAAIG,uBAAuBI;EACrC;AACA,SAAO;AACT,GAnByC;AAqBzC,IAAMN,kCAAkC,wBAACD,KAA4BlC,WAAAA;AACnE,SAAO,CAAC,CAACkC,IAAIG,uBAAuBI;AACtC,GAFwC;AAIxC,IAAMS,iCAAiC,wBAAChB,KAA4BlC,WAAAA;AAClE,SAAO,CAAC,CAACkC,IAAIiB,gBAAgBC;AAC/B,GAFuC;AAIvC,IAAMC,uBAAuB,wBAACC,SAAAA;AAC5B,QAAMC,iBAAwC;;IAE5CC,iBAAiBF,MAAME;IACvB9C,aAAa4C,MAAM5C;IACnB+C,YAAYH,MAAMG,cAAc;IAChCzB,cAAcsB,MAAMtB,gBAAgB,CAAA;IACpC0B,aAAaJ,MAAMI;IACnBC,sBAAsBL,MAAMK;IAC5BC,QAAQN,MAAMM;IACdC,sBAAsB,CAAC;IACvBrD,wBAAwB,CAAA;IACxBsB,qBAAqB,CAAA;IACrBhB,qBAAqB,CAAA;IACrBc,mBAAmB;IACnBD,cAAc;EAChB;AAEA,aAAOmC,6BAA+D;IACpEC,IAAIT,MAAMU,eAAe;IACzBC,4BAA4B;IAC5BC,SAASC,qBAAqBC;IAC9BC,QAAQ;MACNC,QAAQ,CAAC;MACTC,QAAQ,CAAC;MAeTC,UAAU,CAAC;IAyCb;IACAC,SAASlB;IACTmB,QAAQ;MACN,CAACP,qBAAqBC,KAAK,GAAG;QAC5BL,IAAII,qBAAqBC;QACzBO,QAAQ;UACNC,KAAKC,uBAAuBT;UAC5BU,QAAQ;YACNC,QAAQZ,qBAAqBa;YAC7BC,aAASC,sBAAO;cACdC,oBAAoB,wBAACpF,MAA6BC,WAAyCA,OAAOoF,KAAKD,sBAAsB,CAAC,GAA1G;cACpBtB,sBAAsB,wBAAC9D,MAA6BC,WAAyCA,OAAOoF,KAAKvB,sBAAnF;cACtBV,gBAAgB,wBAACpD,MAA6BC,WAAyCA,OAAOoF,KAAKjC,gBAAnF;cAChBd,uBAAuB,wBAACtC,MAA6BC,WAAyCA,OAAOoF,KAAKC,oBAAnF;YACzB,CAAA;UACF;UACAC,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,wCAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBa,6BAA6B,GAAG;QACpDjB,IAAII,qBAAqBa;QACzBL,QAAQ;UACNC,KAAKC,uBAAuBG;UAC5BF,QAAQ;YACNC,QAAQZ,qBAAqB0B;YAC7BZ,aAASC,sBAAO;cACd1E,wBAAwB,wBAACT,MAA6BC,WAAiEA,OAAOoF,MAAtG;YAC1B,CAAA;UAGF;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,kDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB0B,UAAU,GAAG;QACjC9B,IAAII,qBAAqB0B;QACzBlB,QAAQ;UACNC,KAAKC,uBAAuBgB;UAC5Bf,QAAQ;YACNC,QAAQZ,qBAAqB2B;YAC7Bb,aAASC,sBAAO;cAAEjF,SAAS,wBAACF,MAA6BC,WAAmCA,OAAOoF,MAAxE;YAA6E,CAAA;UAC1G;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,8CAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB2B,iBAAiB,GAAG;QACxC/B,IAAII,qBAAqB2B;QACzBnB,QAAQ;UACNC,KAAKC,uBAAuBiB;UAC5BhB,QAAQ;YACN;cACEC,QAAQZ,qBAAqB4B;cAC7BC,MAAMC,qBAAqBC;cAC3BjB,aAASC,sBAAO;gBACdiB,gBAAgB,wBAACpG,MAA6BC,WAC5CA,OAAOoF,MADO;cAElB,CAAA;YACF;YACA;cACEL,QAAQZ,qBAAqBiC;cAC7BnB,aAASC,sBAAO;gBACdiB,gBAAgB,wBAACpG,MAA6BC,WAC5CA,OAAOoF,MADO;cAElB,CAAA;YACF;;UAEFE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,sDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB4B,kBAAkB,GAAG;QACzChC,IAAII,qBAAqB4B;QACzBpB,QAAQ;UACNC,KAAKC,uBAAuBkB;UAC5BjB,QAAQ;YACNC,QAAQZ,qBAAqBiC;YAC7BnB,aAASC,sBAAO;cACd7E,gBAAgB,wBAACN,MAA6BC,WAA2CA,OAAOoF,MAAhF;YAClB,CAAA;UACF;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,uDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBiC,mBAAmB,GAAG;QAC1CrC,IAAII,qBAAqBiC;QACzBC,QAAQ;UACN;YACEtB,QAAQZ,qBAAqBmC;YAC7BN,MAAMC,qBAAqBM;UAC7B;UACA;YACExB,QAAQZ,qBAAqBqC;YAC7BR,MAAMC,qBAAqBQ;UAC7B;UACA;YACE1B,QAAQZ,qBAAqBuC;YAC7BV,MAAMC,qBAAqBU;UAC7B;UACA;YACE5B,QAAQZ,qBAAqByC;YAC7BZ,MAAMC,qBAAqBY;UAC7B;UACA;YACE9B,QAAQZ,qBAAqB2C;YAC7Bd,MAAMC,qBAAqBc;UAC7B;UACA;YACEhC,QAAQZ,qBAAqB6C;YAC7BhB,MAAMC,qBAAqBgB;UAC7B;UACA;YACElC,QAAQZ,qBAAqB+C;UAC/B;;QAEFC,IAAI;UACF,CAACC,qBAAqBC,0BAA0B,GAAG;YACjDpC,aAASC,sBAAO;cAAEoC,sBAAsB,wBAACvH,MAA6BC,WAAyCA,OAAOoF,MAA9E;YAAmF,CAAA;UAC7H;QACF;MACF;MACA,CAACjB,qBAAqBmC,UAAU,GAAG;QACjCvC,IAAII,qBAAqBmC;QACzBpC,SAASqD,+BAA+BC;QACxCL,IAAI;UACF,CAACC,qBAAqBK,mBAAmB,GAAG;YAC1CxC,aAASC,sBAAO;cAAEtD,mBAAmB,wBAAC7B,MAA6BC,WAAgCA,OAAOoF,MAArE;YAA0E,CAAA;UACjH;UACA,CAACgC,qBAAqBM,iBAAiB,GAAG;YACxCzC,aAASC,sBAAO;cAAEvD,cAAc,wBAAC5B,MAA6BC,WAA8BA,OAAOoF,MAAnE;YAAwE,CAAA;UAC1G;UACA,CAACgC,qBAAqBO,cAAc,GAAG;YACrC5C,QAAQ,IAAIwC,+BAA+BK,IAAI;YAC/C3C,aAASC,sBAAO;cAAEjF,SAAS,wBAACF,MAA6BC,WAA+BA,OAAOoF,MAApE;YAAyE,CAAA;YACpGY,MAAMC,qBAAqB4B;UAC7B;UACA,CAACT,qBAAqBU,OAAO,GAAG;YAC9B/C,QAAQZ,qBAAqB4D;UAC/B;UACA,CAACX,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;QACAvD,QAAQ;UACN,CAAC6C,+BAA+BC,IAAI,GAAG,CAAC;UACxC,CAACD,+BAA+BK,IAAI,GAAG;YACrCvB,QAAQ;cACNtB,QAAQ,IAAIZ,qBAAqB+D,mBAAmB;cACpDlC,MAAMC,qBAAqBkC;YAC7B;UACF;QACF;MACF;MACA,CAAChE,qBAAqBqC,aAAa,GAAG;QACpCzC,IAAII,qBAAqBqC;QACzBW,IAAI;UACF,CAACC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqBkE;UAC/B;UACA,CAACjB,qBAAqBU,OAAO,GAAG;YAC9B/C,QAAQZ,qBAAqB4D;UAC/B;UACA,CAACX,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;MACF;MACA,CAAC9D,qBAAqB+D,mBAAmB,GAAG;QAC1CnE,IAAII,qBAAqB+D;QACzBvD,QAAQ;UACNC,KAAKC,uBAAuBqD;UAC5BpD,QAAQ;YACNC,QAAQZ,qBAAqBkE;UAC/B;UACA/C,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,mDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBkE,0BAA0B,GAAG;QACjDtE,IAAII,qBAAqBkE;QACzBhC,QAAQ;UACN;YACEtB,QAAQZ,qBAAqBuC;YAC7BV,MAAMC,qBAAqBU;UAC7B;UACA;YACE5B,QAAQZ,qBAAqByC;YAC7BZ,MAAMC,qBAAqBY;UAC7B;UACA;YACE9B,QAAQZ,qBAAqB2C;YAC7Bd,MAAMC,qBAAqBc;UAC7B;UACA;YACEhC,QAAQZ,qBAAqB6C;YAC7BhB,MAAMC,qBAAqBgB;UAC7B;UACA;YACElC,QAAQZ,qBAAqB+C;UAC/B;;MAEJ;MACA,CAAC/C,qBAAqByC,6BAA6B,GAAG;QACpD7C,IAAII,qBAAqByC;QACzBjC,QAAQ;UACNC,KAAKC,uBAAuB+B;UAC5B9B,QAAQ;YACN;cACEC,QAAQZ,qBAAqB8D;cAC7BjC,MAAM,wBAACjG,MAA6BC,WAClCA,OAAOoF,SAASkD,4BAA4BL,SADxC;YAER;YACA;cACElD,QAAQZ,qBAAqB4D;cAC7B/B,MAAM,wBAACjG,MAA6BC,WAClCA,OAAOoF,SAASkD,4BAA4BP,UADxC;YAER;YACA;cACEhD,QAAQZ,qBAAqB+C;cAC7BjC,aAASC,sBAAO;gBACd7C,uBAAuB,wBAACtC,MAA6BC,WAAAA;AACnD,wBAAMyC,gCAA4B8F,sDAA+BvI,OAAOoF,IAAI;AAC5E,yBAAO;oBAAE,GAAGrF,KAAKsC;oBAAwBI;kBAA0B;gBACrE,GAHuB;cAIzB,CAAA;YACF;;UAEF6C,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAyD;gBAC5FyF,OAAOzF,OAAOoF,KAAKK,SAASC,UAAU,yCAAA;gBACtCC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBuC,iBAAiB,GAAG;QACxC3C,IAAII,qBAAqBuC;QACzBS,IAAI;UACF,CAACC,qBAAqBoB,wBAAwB,GAAG;YAC/CvD,aAASC,sBAAO;cAAEpD,qBAAqB,wBAAC/B,MAA6BC,WAAmCA,OAAOoF,MAAxE;YAA6E,CAAA;UACtH;UACA,CAACgC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqBsE;YAC7BzC,MAAMC,qBAAqByC;UAC7B;UACA,CAACtB,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;MACF;MACA,CAAC9D,qBAAqBsE,kCAAkC,GAAG;QACzD1E,IAAII,qBAAqBsE;QACzBpC,QAAQ;UACN;YACEtB,QAAQZ,qBAAqByC;YAC7BZ,MAAMC,qBAAqBY;UAC7B;UACA;YACE9B,QAAQZ,qBAAqB2C;YAC7Bd,MAAMC,qBAAqBc;UAC7B;UACA;YACEhC,QAAQZ,qBAAqB6C;YAC7BhB,MAAMC,qBAAqBgB;UAC7B;UACA;YACElC,QAAQZ,qBAAqB+C;UAC/B;;MAEJ;MACA,CAAC/C,qBAAqB2C,2BAA2B,GAAG;QAClD/C,IAAII,qBAAqB2C;QACzBnC,QAAQ;UACNC,KAAKC,uBAAuBiC;UAC5BhC,QAAQ;YACNC,QAAQZ,qBAAqBwE;YAC7B1D,aAASC,sBAAO;cACdoC,sBAAsB,wBAACvH,MAA6BC,WAClDA,OAAOoF,KAAKkC,sBADQ;cAEtBjF,uBAAuB,wBAACtC,MAA6BC,WAAwDA,OAAOoF,KAAKC,oBAAlG;YACzB,CAAA;UACF;UACAC,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,mDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBwE,4BAA4B,GAAG;QACnD5E,IAAII,qBAAqBwE;QACzBxB,IAAI;UACF,CAACC,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqBuC;UAC/B;UACA,CAACU,qBAAqBwB,kCAAkC,GAAG;YACzD7D,QAAQZ,qBAAqB0E;UAC/B;QACF;MACF;MACA,CAAC1E,qBAAqB0E,4BAA4B,GAAG;QACnD9E,IAAII,qBAAqB0E;QACzB1B,IAAI;UACF,CAACC,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqBwE;UAC/B;UACA,CAACvB,qBAAqB0B,mCAAmC,GAAG;YAC1D7D,aAASC,sBAAO;cACd7C,uBAAuB,wBAACtC,MAA6BC,WAAAA;AACnD,sBAAMyC,gCAA4B8F,sDAA+BvI,OAAOoF,IAAI;AAC5E,uBAAO;kBAAE,GAAGrF,KAAKsC;kBAAwBI;gBAA0B;cACrE,GAHuB;YAIzB,CAAA;UACF;QACF;QACA4D,QAAQ;UACN;YACEL,MAAMC,qBAAqB8C;YAC3BhE,QAAQZ,qBAAqB+C;UAC/B;;MAEJ;MACA,CAAC/C,qBAAqB6C,SAAS,GAAG;QAChCjD,IAAII,qBAAqB6C;QACzB9C,SAAS8E,8BAA8BxB;QACvCL,IAAI;UACF,CAACC,qBAAqB6B,qBAAqB,GAAG;YAC5ClE,QAAQ,IAAIiE,8BAA8BpB,IAAI;YAC9C3C,aAASC,sBAAO;cAAEzD,kBAAkB,wBAAC1B,MAA6BC,WAAkCA,OAAOoF,MAAvE;YAA4E,CAAA;UAClH;UACA,CAACgC,qBAAqBY,QAAQ,GAAG;YAC/B;cACEjD,QAAQZ,qBAAqBuC;cAC7BV,MAAMC,qBAAqBU;YAC7B;YACA;cACE5B,QAAQZ,qBAAqB8D;YAC/B;;QAEJ;QACAvD,QAAQ;UACN,CAACsE,8BAA8BxB,IAAI,GAAG,CAAC;UACvC,CAACwB,8BAA8BpB,IAAI,GAAG;YACpCvB,QAAQ;cACNtB,QAAQ,IAAIZ,qBAAqB+C,cAAc;cAC/ClB,MAAMC,qBAAqBiD;YAC7B;UACF;QACF;MACF;MACA,CAAC/E,qBAAqB+C,cAAc,GAAG;QACrCnD,IAAII,qBAAqB+C;QACzBvC,QAAQ;UACNC,KAAKC,uBAAuBqC;UAC5BpC,QAAQ;YACNC,QAAQZ,qBAAqBgF;YAC7BlE,aAASC,sBAAO;cACdpE,qBAAqB,wBAACf,MAA6BC,WAA6DA,OAAOoF,MAAlG;YACvB,CAAA;UACF;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,kDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;QACAwD,UAAMlE,sBAAO;UAAEzD,kBAAkBvB;QAAU,CAAA;MAC7C;MACA,CAACiE,qBAAqBgF,iBAAiB,GAAG;QACxCpF,IAAII,qBAAqBgF;QACzBxE,QAAQ;UACNC,KAAKC,uBAAuBwE;UAC5BvE,QAAQ;YACNC,QAAQZ,qBAAqBmF;UAC/B;UACAhE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,gDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBmF,yBAAyB,GAAG;QAChDvF,IAAII,qBAAqBmF;QACzBjD,QAAQ;UACN;YACEtB,QAAQZ,qBAAqBoF;YAC7BvD,MAAMC,qBAAqBuD;UAC7B;UACA;YACEzE,QAAQZ,qBAAqBsF;UAC/B;;MAEJ;MACA,CAACtF,qBAAqBoF,kBAAkB,GAAG;QACzCxF,IAAII,qBAAqBoF;QACzB5E,QAAQ;UACNC,KAAKC,uBAAuB0E;UAC5BzE,QAAQ;YACNC,QAAQZ,qBAAqBuF;YAC7BzE,SAAS,wBAAClF,MAA6BC,WAAAA;AACrCD,mBAAKE,SAASmB,WAAWuI,KAAK3J,OAAOoF,IAAI;YAC3C,GAFS;UAGX;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,kDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBuF,8BAA8B,GAAG;QACrD3F,IAAII,qBAAqBuF;QACzB/E,QAAQ;UACNC,KAAKC,uBAAuBqD;UAC5BpD,QAAQ;YACNC,QAAQZ,qBAAqBsF;UAC/B;UACAnE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,mDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBsF,iBAAiB,GAAG;QACxC1F,IAAII,qBAAqBsF;QACzBtC,IAAI;UACF,CAACC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqByF;UAC/B;UACA,CAACxC,qBAAqBU,OAAO,GAAG;YAC9B/C,QAAQZ,qBAAqB4D;UAC/B;UACA,CAACX,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;MACF;MACA,CAAC9D,qBAAqByF,uBAAuB,GAAG;QAC9C7F,IAAII,qBAAqByF;QACzBjF,QAAQ;UACNC,KAAKC,uBAAuB+E;UAC5B9E,QAAQ;YACNC,QAAQZ,qBAAqB0F;UAC/B;UACAvE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,uDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB0F,gBAAgB,GAAG;QACvC9F,IAAII,qBAAqB0F;QACzBlF,QAAQ;UACNC,KAAKC,uBAAuBgF;UAC5B/E,QAAQ;YACNC,QAAQZ,qBAAqB2F;UAC/B;UACAxE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,8CAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBoB,WAAW,GAAG;QAClCxB,IAAII,qBAAqBoB;QACzB4B,IAAI;UACF,CAACC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqBqB;UAC/B;UACA,CAAC4B,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqBqB;UAC/B;QACF;MACF;MACA,CAACrB,qBAAqB8D,OAAO,GAAG;QAC9BlE,IAAII,qBAAqB8D;QACzB8B,MAAM;MACR;MACA,CAAC5F,qBAAqB4D,QAAQ,GAAG;QAC/BhE,IAAII,qBAAqB4D;QACzBgC,MAAM;MACR;MACA,CAAC5F,qBAAqBqB,KAAK,GAAG;QAC5BzB,IAAII,qBAAqBqB;QACzBuE,MAAM;MACR;MACA,CAAC5F,qBAAqB2F,IAAI,GAAG;QAC3B/F,IAAII,qBAAqB2F;QACzBC,MAAM;MACR;IACF;EACF,CAAA;AACF,GA1pB6B;AA4pBtB,IAAMC,iBAAN,MAAMA;EAvxBb,OAuxBaA;;;EACX,aAAaC,YAAY3G,MAAkCmB,SAA+E;AACxI,UAAMyF,kBAAyCC,yBAC7C9G,qBAAqBC,IAAAA,EAAM8G,WAAW;MACpC5F,UAAU;QACR,GAAGlB,MAAMkB;MACX;MACAD,QAAQ;QACNzE;QACAS;QACAE;QACAI;QACAW;QACArB;QACAuB;QACAG;QACAO;QACAH;QACAE;QACAJ;QACA3B;QACA8C;QACA,GAAGI,MAAMiB;MACX;IACF,CAAA,CAAA;AAGF,QAAI,OAAOjB,MAAM+G,iBAAiB,YAAY;AAC5CH,kBAAYI,aAAahH,KAAK+G,YAAY;IAC5C;AACA,QAAI/G,MAAMiH,gCAAgC,MAAM;AAC9C,UAAI,OAAOjH,MAAMkH,4BAA4B,YAAY;AACvDN,oBAAYI,aAAa,CAACG,aAAAA;AACxB,cAAInH,MAAMkH,yBAAyB;AACjClH,iBAAKkH,wBAAwBN,aAAaO,QAAAA;UAC5C;QACF,CAAA;MACF;IACF;AAEA,WAAO;MAAEP;IAAY;EACvB;AACF;;;AIj0BA,IAAAQ,yBAAoB;AACpB,IAAAC,yBAWO;AACP,yBAAuB;AACvB,IAAAC,sBAAqE;AACrE,IAAAA,sBAOO;AACP,IAAAA,sBAA8C;AAC9C,qBAA8B;AAE9B,uBAaO;AACP,mBAAwB;;;ACxCxB,IAAAC,iBAAkE;AAClE,IAAAC,yBAAqH;;;ACDrH,4BAAiC;AAIjC,kBAA6B;AAUtB,IAAMC,oCAAoC,8BAAOC,SAAAA;AACtD,QAAM,EAAEC,uBAAuBC,aAAaC,kCAAiC,IAAKH;AAElF,QAAMI,gBAAgB,MAAMC,uCAAiBC,UAAU;IAAEC,OAAON;EAAsB,CAAA;AACtF,SAAOG,cAAcI,kCAAkC;IACrDC,UAAUL,cAAcK,gBAAYC,YAAAA,IAAAA;IACpC,GAAIR,eAAe;MAAEA;IAAY;IACjC,GAAI,CAACA,eACHD,sBAAsBU,iBAAiBC,qBAAqB;MAAEC,aAAaZ,sBAAsBU,iBAAiBC;IAAkB;IACtI,GAAI,CAACV,eAAeD,sBAAsBU,iBAAiBE,eAAe;MAAEA,aAAaZ,sBAAsBU,iBAAiBE;IAAY;IAC5I,GAAIV,qCAAqC;MAAEA;IAAkC;EAC/E,CAAA;AACF,GAZiD;AAc1C,IAAMW,eAAe,8BAAOd,MAAwBe,YAAAA;AACzD,QAAM,EAAEC,gBAAe,IAAKhB;AAE5B,MAAI,CAACgB,iBAAiB;AACpB,WAAOC,QAAQC,OAAOC,MAAM,qCAAA,CAAA;EAC9B;AAEA,SAAOJ,QAAQK,MAAMC,iBAAiB;IAAEC,KAAKN;EAAgB,CAAA;AAC/D,GAR4B;AAUrB,IAAMO,iBAAiB,8BAAOvB,MAA0Be,YAAAA;AAC7D,QAAM,EAAES,eAAeR,gBAAe,IAAKhB;AAE3C,MAAIgB,oBAAoBS,QAAW;AACjC,WAAOR,QAAQC,OAAOC,MAAM,qCAAA,CAAA;EAC9B;AAEA,MAAIK,kBAAkBC,QAAW;AAC/B,WAAOR,QAAQC,OAAOC,MAAM,oCAAA,CAAA;EAC9B;AAEA,SAAOJ,QAAQK,MAAMM,mBAAmB;IAAEF;IAAeF,KAAKN;EAAgB,CAAA;AAChF,GAZ8B;AAcvB,IAAMW,4BAA4B,8BAAO3B,MAAqCe,YAAAA;AACnF,QAAM,EAAES,eAAeI,0BAA0BC,oBAAmB,IAAK7B;AAEzE,QAAM8B,eAAe,MAAMf,QAAQK,MAAMW,iBAAiB;IACxDH;IACAC;IACAL;IACAQ,cAAc;EAChB,CAAA;AAEA,SAAkDF,aAAaG,KAAMC;AACvE,GAXyC;;;ADzBzC,IAAMC,0BAAyD;EAC7D,CAACC,4BAA4BC,iCAAiC,GAAG;IAC/DC,IAAIF,4BAA4BC;IAChCE,QAAQ;MACNC,KAAKC,0BAA0BJ;MAC/BK,QAAQ;QACNC,QAAQP,4BAA4BQ;QACpCC,aAASC,uBAAO;UACdC,2BAA2B,wBAACC,MAAgCC,WAAgEA,OAAOC,MAAxG;QAC7B,CAAA;MACF;MACAC,SAAS;QACP;UACER,QAAQP,4BAA4BgB;UACpCC,MAAM,wBAACL,MAAgCC,WACrCA,OAAOC,KAAKI,UAAUC,mDAA4BC,4BAD9C;UAENX,aAASC,uBAAO;YACdW,aAAa,wBAACT,MAAgCC,WAAiEA,OAAOC,KAAKQ,cAA9G;YACbC,iBAAiB,wBAACX,MAAgCC,WAChDA,OAAOC,KAAKU,cADG;UAEnB,CAAA;QACF;QACA;UACEjB,QAAQP,4BAA4BkB;UACpCT,aAASC,uBAAO;YACdQ,OAAO,wBAACN,MAAgCC,YAAkD;cACxFY,OAAOC,UAAU,kEAAA;cACjBC,SAASd,OAAOC,KAAKa;cACrBC,OAAOf,OAAOC,KAAKc;YACrB,IAJO;UAKT,CAAA;QACF;;IAEJ;EACF;EACA,CAAC5B,4BAA4BgB,YAAY,GAAG;IAC1Cd,IAAIF,4BAA4BgB;IAChCb,QAAQ;MACNC,KAAKC,0BAA0BW;MAC/BV,QAAQ;QACNC,QAAQP,4BAA4B6B;QACpCpB,aAASC,uBAAO;UACdoB,eAAe,wBAAClB,MAAgCC,WAA2CA,OAAOC,MAAnF;QACjB,CAAA;MACF;MACAC,SAAS;QACPR,QAAQP,4BAA4BkB;QACpCT,aAASC,uBAAO;UACdQ,OAAO,wBAACN,MAAgCC,YAAkD;YACxFY,OAAOC,UAAU,2CAAA;YACjBC,SAASd,OAAOC,KAAKa;YACrBC,OAAOf,OAAOC,KAAKc;UACrB,IAJO;QAKT,CAAA;MACF;IACF;EACF;EACA,CAAC5B,4BAA4B6B,cAAc,GAAG;IAC5C3B,IAAIF,4BAA4B6B;IAChC1B,QAAQ;MACNC,KAAKC,0BAA0BwB;MAC/BvB,QAAQ;QACNC,QAAQP,4BAA4B+B;QACpCtB,aAASC,uBAAO;UACdsB,0BAA0B,wBAACpB,MAAgCC,WAA4DA,OAAOC,MAApG;QAC5B,CAAA;MACF;MACAC,SAAS;QACPR,QAAQP,4BAA4BkB;QACpCT,aAASC,uBAAO;UACdQ,OAAO,wBAACN,MAAgCC,YAAkD;YACxFY,OAAOC,UAAU,wCAAA;YACjBC,SAASd,OAAOC,KAAKa;YACrBC,OAAOf,OAAOC,KAAKc;UACrB,IAJO;QAKT,CAAA;MACF;IACF;EACF;EACA,CAAC5B,4BAA4B+B,iBAAiB,GAAG;IAC/C7B,IAAIF,4BAA4B+B;IAChCE,IAAI;MACF,CAACC,wBAAwBC,wBAAwB,GAAG;QAClD1B,aAASC,uBAAO;UAAE0B,qBAAqB,wBAACxB,MAAgCC,WAA6CA,OAAOC,MAArF;QAA0F,CAAA;MACnI;MACA,CAACoB,wBAAwBG,IAAI,GAAG;QAC9B9B,QAAQP,4BAA4BsC;MACtC;MACA,CAACJ,wBAAwBK,OAAO,GAAG;QACjChC,QAAQP,4BAA4BwC;MACtC;MACA,CAACN,wBAAwBO,QAAQ,GAAG;QAClClC,QAAQP,4BAA4B0C;MACtC;IACF;EACF;EACA,CAAC1C,4BAA4BsC,yBAAyB,GAAG;IACvDpC,IAAIF,4BAA4BsC;IAChCnC,QAAQ;MACNC,KAAKC,0BAA0BiC;MAC/BhC,QAAQ;QACNC,QAAQP,4BAA4BC;QACpCQ,aAASC,uBAAO;UACdiC,mCAAmC,wBAAC/B,MAAgCC,WAAoCA,OAAOC,MAA5E;QACrC,CAAA;MACF;MACAC,SAAS;QACPR,QAAQP,4BAA4BkB;QACpCT,aAASC,uBAAO;UACdQ,OAAO,wBAACN,MAAgCC,YAAkD;YACxFY,OAAOC,UAAU,yCAAA;YACjBC,SAASd,OAAOC,KAAKa;YACrBC,OAAOf,OAAOC,KAAKc;UACrB,IAJO;QAKT,CAAA;MACF;IACF;EACF;EACA,CAAC5B,4BAA4B0C,OAAO,GAAG;IACrCxC,IAAIF,4BAA4B0C;IAChCE,MAAM;EACR;EACA,CAAC5C,4BAA4BwC,QAAQ,GAAG;IACtCtC,IAAIF,4BAA4BwC;IAChCI,MAAM;EACR;EACA,CAAC5C,4BAA4BkB,KAAK,GAAG;IACnChB,IAAIF,4BAA4BkB;IAChC0B,MAAM;EACR;EACA,CAAC5C,4BAA4BQ,IAAI,GAAG;IAClCN,IAAIF,4BAA4BQ;IAChCoC,MAAM;EACR;AACF;AAEA,IAAMC,oCAAoC,wBAACC,SAAAA;AACzC,QAAMC,iBAA2C;IAC/CC,uBAAuBF,KAAKE;IAC5BC,SAASH,KAAKG;IACdb,qBAAqB,CAAA;EACvB;AAEA,aAAOc,8BAAqE;IAC1EhD,IAAI4C,MAAMK,aAAa;IACvBC,4BAA4B;IAC5BC,SAASrD,4BAA4BC;IACrCqD,SAASP;IACTQ,QAAQxD;IACRyD,QAAQ;MACNC,QAAQ,CAAC;MACTC,UAAU,CAAC;IAcb;EACF,CAAA;AACF,GA/B0C;AAiCnC,IAAMC,oBAAN,MAAMA,mBAAAA;EApMb,OAoMaA;;;EACX,OAAeC;EAEf,OAAOC,cAAuB;AAC5B,WAAOF,mBAAkBC,cAAcE;EACzC;EAEA,WAAWC,WAAyC;AAClD,QAAI,CAACJ,mBAAkBC,WAAW;AAChC,YAAMI,MAAM,gDAAA;IACd;AACA,WAAOL,mBAAkBC;EAC3B;EAEA,OAAOK,cAAcnB,MAAyB;AAC5C,UAAM,EAAEoB,KAAI,IAAKpB;AACjB,QAAIa,mBAAkBE,YAAW,GAAI;AACnC,UAAIK,MAAM;AACRP,2BAAkBQ,aAAY;MAChC;IACF;AACAR,uBAAkBC,YAAYE;EAChC;EAEA,OAAOK,eAAqB;AAC1B,QAAI,CAACR,mBAAkBE,YAAW,GAAI;AACpC;IACF;AACAF,uBAAkBI,SAASG,KAAI;AAC/BP,uBAAkBC,YAAYE;EAChC;EAEA,OAAcM,YAAYtB,MAAmE;AAC3F,UAAM,EAAEuB,aAAY,IAAKvB;AACzB,UAAMY,WAAgD;MACpD,CAACrD,0BAA0BJ,iCAAiC,GAAGA;MAC/D,CAACI,0BAA0BW,YAAY,GAAG,CAACsD,SAA2BtD,aAAasD,MAAMD,YAAAA;MACzF,CAAChE,0BAA0BwB,cAAc,GAAG,CAACyC,SAA6BzC,eAAeyC,MAAMD,YAAAA;MAC/F,CAAChE,0BAA0BiC,yBAAyB,GAAG,CAACgC,SAAwChC,0BAA0BgC,MAAMD,YAAAA;IAClI;AAEA,UAAME,cAAwCC,0BAC5C3B,kCAAkCC,IAAAA,EAAM2B,WAAW;MACjDf,UAAU;QACR,GAAGA;QACH,GAAGZ,MAAMY;MACX;MACAgB,QAAQ;QACN,GAAG5B,MAAM4B;MACX;IACF,CAAA,CAAA;AAGF,QAAI,OAAO5B,MAAM6B,iBAAiB,YAAY;AAC5CJ,cAAQK,aAAa9B,KAAK6B,YAAY;IACxC;AAEA,QAAI7B,MAAM+B,gCAAgC,MAAM;AAC9CN,cAAQK,aAAa,CAACE,aAAAA;AACpB,YAAIhC,MAAMiC,yBAAyB;AACjC,eAAKjC,KAAKiC,wBAAwBR,SAASO,QAAAA;QAC7C;MACF,CAAA;IACF;AAEA,WAAOP;EACT;EAEA,OAAOS,YACLlC,MAG8B;AAC9B,QAAI,CAACa,mBAAkBC,WAAW;AAChC,UAAId,MAAMmC,oBAAoB,MAAM;AAClC,cAAMjB,MAAM,oFAAoF;MAClG;AACAL,yBAAkBC,YAAYD,mBAAkBS,YAAYtB,IAAAA;IAC9D;AACA,WAAOa,mBAAkBC;EAC3B;AACF;;;AElQO,IAAMsB,mCAAmC,8BAC9CC,SAAAA;AAEA,QAAM,EAAEC,mBAAmBC,wBAAuB,IAAKF;AAEvD,SAAOG,iCAAiC;IACtC,GAAID,2BAA2B;MAAEE,gCAAgC,MAAMC,0CAA0C;QAAEH;MAAwB,CAAA;IAAG;IAC9I,GAAID,qBAAqB;MAAEK,0BAA0B,MAAMC,oCAAoC;QAAEN;MAAkB,CAAA;IAAG;EACxH,CAAA;AACF,GATgD;AAWzC,IAAMM,sCAAsC,8BACjDP,SAAAA;AAEA,QAAM,EAAEC,kBAAiB,IAAKD;AAC9B,SAAOC,kBAAkBO,OAAO,CAACC,gBAAgBC,YAAAA;AAC/C,UAAMC,YAAYD,QAAQE,UAAU;AACpCH,mBAAeI,IAAIF,WAAWD,OAAAA;AAC9B,WAAOD;EACT,GAAG,oBAAIK,IAAAA,CAAAA;AACT,GATmD;AAW5C,IAAMT,4CAA4C,8BACvDL,SAAAA;AAEA,QAAM,EAAEE,wBAAuB,IAAKF;AACpC,QAAMe,eAAe,oBAAID,IAAAA;AAEzB,QAAME,qBAAqB,wBAACC,OAAYC,YAAoB,OAAE;AAC5DC,WAAOC,QAAQH,KAAAA,EAAOI,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACzC,UAAID,QAAQ,eAAeA,QAAQ,cAAc;AAC/C;MACF;AAEA,UAAIA,QAAQ,aAAaE,MAAMC,QAAQF,KAAAA,GAAQ;AAC7CA,cAAMF,QAAQ,CAAC,EAAEK,MAAMd,SAAS,GAAE,MAAiB;AACjD,cAAI,CAACc,MAAM;AACT;UACF;AAGA,cAAI,CAACX,aAAaY,IAAIf,MAAAA,GAAS;AAC7BG,yBAAaF,IAAID,QAAQ,CAAA,CAAE;UAC7B;AACAG,uBAAaa,IAAIhB,MAAAA,EAASiB,KAAK;YAAEP,KAAKJ;YAAWQ;UAAK,CAAA;QACxD,CAAA;MACF,WAAW,OAAOH,UAAU,YAAYA,UAAU,MAAM;AACtDP,2BAAmBO,OAAOL,YAAY,GAAGA,SAAAA,IAAaI,GAAAA,KAAQA,GAAAA;MAChE;IACF,CAAA;EACF,GAtB2B;AAwB3BN,qBAAmBd,uBAAAA;AACnB,SAAOa;AACT,GAhCyD;AAkClD,IAAMe,sCAAsC,8BAAO9B,SAAAA;AACxD,QAAM,EAAEC,kBAAiB,IAAKD;AAE9B,SAAO;IACL,GAAIC,kBAAkByB,QAAQ;MAC5BK,OAAO9B,kBAAkByB;IAC3B;IACA,GAAIzB,kBAAkBW,UAAU;MAC9BA,QAAQX,kBAAkBW;IAC5B;IACA,GAAIX,kBAAkB+B,QAAQ;MAC5BA,MAAM;QACJ,IAAK/B,kBAAkB+B,KAAKC,OAAehC,kBAAkB+B,KAAKE,QAAQ;UACxEA,KAAKjC,kBAAkB+B,MAAMC,OAAehC,kBAAkB+B,KAAKE;QACrE;QACA,GAAIjC,kBAAkB+B,KAAKG,YAAY;UACrCC,KAAKnC,kBAAkB+B,MAAMG;QAC/B;MACF;IACF;IACA,GAAIlC,kBAAkBoC,eAAe;MACnCA,aAAapC,kBAAkBoC;IACjC;IAEA,GAAIpC,kBAAkBqC,cAAc;MAClCC,MAAM;QACJC,OAAOvC,kBAAkBqC;MAC3B;IACF;IACA,IAAKrC,kBAAkBwC,oBAAoBxC,kBAAkByC,qBAAqB;MAChFC,YAAY;QACV,GAAI1C,kBAAkBwC,oBAAoB;UACxCG,OAAO;YACL,IAAK3C,kBAAkBwC,iBAAiBR,OAAehC,kBAAkBwC,iBAAiBP,QAAQ;cAChGA,KAAKjC,kBAAkBwC,kBAAkBR,OAAehC,kBAAkBwC,iBAAiBP;YAC7F;YACA,GAAIjC,kBAAkBwC,iBAAiBN,YAAY;cACjDC,KAAKnC,kBAAkBwC,kBAAkBN;YAC3C;UACF;QACF;QACA,GAAIlC,kBAAkByC,oBAAoB;UACxCF,OAAOvC,kBAAkByC;QAC3B;MACF;IACF;EACF;AACF,GA/CmD;AAiD5C,IAAMvC,mCAAmC,8BAC9CH,SAAAA;AAEA,QAAM,EACJM,2BAA2B,oBAAIQ,IAAAA,GAC/BV,iCAAiC,oBAAIU,IAAAA,EAA2C,IAC9Ed;AAEJ,QAAM6C,UAAyBrB,MAAMsB,KAAK,oBAAIC,IAAI;OAAI3C,+BAA+B4C,KAAI;OAAO1C,yBAAyB0C,KAAI;GAAG,CAAA;AAEhI,SAAOC,QAAQC,IACbL,QAAQM,IAAI,OAAOvC,WAAAA;AACjB,UAAMF,UAAUJ,yBAAyBsB,IAAIhB,MAAAA;AAC7C,UAAMwC,SAAShD,+BAA+BwB,IAAIhB,MAAAA;AAElD,WAAO;MACL,GAAIF,WAAY,MAAMoB,oCAAoC;QAAE7B,mBAAmBS;MAAQ,CAAA;MACvF,GAAIE,OAAOyC,SAAS,KAAK;QAAEzC;MAAO;MAClCwC;IACF;EACF,CAAA,CAAA;AAEJ,GAtBgD;AAwBzC,IAAME,iCAAiC,8BAAOtD,SAAAA;AACnD,QAAM,EAAEC,mBAAmBsD,eAAc,IAAKvD;AAE9C,SAAOwD,+BAA+B;IACpC,GAAID,kBAAkB;MAAEA,gBAAgB,MAAME,gCAAgC;QAAEF;MAAe,CAAA;IAAG;IAClG,GAAItD,qBAAqB;MAAEK,0BAA0B,MAAMoD,kCAAkC;QAAEzD;MAAkB,CAAA;IAAG;EACtH,CAAA;AACF,GAP8C;AASvC,IAAMyD,oCAAoC,8BAC/C1D,SAAAA;AAEA,QAAM,EAAEC,kBAAiB,IAAKD;AAC9B,SAAOC,kBAAkBO,OAAO,CAACC,gBAAgBC,YAAAA;AAC/C,UAAMC,YAAYD,QAAQiD,QAAQ;AAClClD,mBAAeI,IAAIF,WAAWD,OAAAA;AAC9B,WAAOD;EACT,GAAG,oBAAIK,IAAAA,CAAAA;AACT,GATiD;AAW1C,IAAM2C,kCAAkC,8BAC7CzD,SAAAA;AAEA,QAAM,EAAEuD,eAAc,IAAKvD;AAC3B,QAAMe,eAAe,oBAAID,IAAAA;AAEzByC,iBAAelC,QAAQ,CAACJ,UAAAA;AACtBA,UAAMP,SAASW,QAAQ,CAACX,YAAAA;AACtB,YAAM,EAAEiD,OAAO,IAAIC,MAAK,IAAKlD;AAC7B,YAAMY,MAAML,MAAM4C,KAAKV,IAAI,CAAC5B,UAA0BuC,OAAOvC,KAAAA,CAAAA,EAAQwC,KAAK,GAAA;AAC1E,UAAI,CAAChD,aAAaY,IAAIgC,IAAAA,GAAO;AAC3B5C,qBAAaF,IAAI8C,MAAM,CAAA,CAAE;MAC3B;AACA5C,mBAAaa,IAAI+B,IAAAA,EAAO9B,KAAK;QAAEP;QAAKI,MAAMkC;MAAM,CAAA;IAClD,CAAA;EACF,CAAA;AAEA,SAAO7C;AACT,GAlB+C;AAoBxC,IAAMiD,oCAAoC,8BAAOhE,SAAAA;AACtD,QAAM,EAAEC,kBAAiB,IAAKD;AAE9B,SAAO;IACL,GAAIC,kBAAkByB,QAAQ;MAC5BK,OAAO9B,kBAAkByB;IAC3B;IACA,GAAIzB,kBAAkB0D,QAAQ;MAC5B/C,QAAQX,kBAAkB0D;IAC5B;IACA,GAAI1D,kBAAkBgE,WAAWC,QAAQlC,QAAQ;MAC/CA,MAAM;QACJ,GAAI/B,kBAAkBgE,UAAUC,OAAOlC,KAAKE,OAAO;UACjDA,KAAKjC,kBAAkBgE,UAAUC,OAAOlC,KAAKE;QAC/C;QACA,GAAIjC,kBAAkBgE,UAAUC,OAAOlC,KAAKG,YAAY;UACtDC,KAAKnC,kBAAkBgE,UAAUC,OAAOlC,KAAKG;QAC/C;MACF;IACF;IACA,GAAIlC,kBAAkBoC,eAAe;MACnCA,aAAapC,kBAAkBoC;IACjC;IACA,GAAIpC,kBAAkBgE,WAAWC,QAAQ5B,cAAc;MACrDC,MAAM;QACJC,OAAOvC,kBAAkBgE,UAAUC,OAAO5B;MAC5C;IACF;IACA,GAAIrC,kBAAkBgE,WAAWC,QAAQxB,oBAAoB;MAC3DC,YAAY;QACVH,OAAOvC,kBAAkBgE,UAAUC,OAAOxB;MAC5C;IACF;EACF;AACF,GAlCiD;AAoC1C,IAAMc,iCAAiC,8BAAOxD,SAAAA;AACnD,QAAM,EAAEM,2BAA2B,oBAAIQ,IAAAA,GAAyCyC,iBAAiB,oBAAIzC,IAAAA,EAA2C,IAC9Id;AAEF,QAAM6C,UAAyBrB,MAAMsB,KAAK,oBAAIC,IAAI;OAAIQ,eAAeP,KAAI;OAAO1C,yBAAyB0C,KAAI;GAAG,CAAA;AAEhH,SAAOC,QAAQC,IACbL,QAAQM,IAAI,OAAOvC,WAAAA;AACjB,UAAMF,UAAUJ,yBAAyBsB,IAAIhB,MAAAA;AAC7C,UAAMwC,SAASG,eAAe3B,IAAIhB,MAAAA;AAElC,WAAO;MACL,GAAIF,WAAY,MAAMsD,kCAAkC;QAAE/D,mBAAmBS;MAAQ,CAAA;MACrF,GAAIE,OAAOyC,SAAS,KAAK;QAAEzC;MAAO;MAClCwC;IACF;EACF,CAAA,CAAA;AAEJ,GAlB8C;AAqBvC,IAAMe,2BAA2B,8BAAOnE,SAAAA;AAC7C,QAAM,EAAEoE,eAAeC,kCAAiC,IAAKrE;AAE7D,SAAO;IACL,GAAIqE,mCAAmCC,eAAe;MACpDvC,OAAOsC,kCAAkCC;IAC3C;IACA,GAAIF,cAAc1C,QAAQ;MACxBK,OAAOqC,cAAc1C;IACvB;IACA,GAAI0C,cAAcxD,UAAU;MAC1BA,QAAQwD,cAAcxD;IACxB;IACA,IAAKwD,cAAcpC,QAAQqC,mCAAmCE,aAAa;MACzEvC,MAAM;QACJ,GAAIqC,mCAAmCE,YAAY;UACjDrC,KAAKmC,mCAAmCE;QAC1C;QACA,IAAKH,cAAcpC,MAAMC,OAAemC,cAAcpC,MAAME,QAAQ;UAClEA,KAAKkC,cAAcpC,MAAMC,OAAemC,cAAcpC,MAAME;QAC9D;QACA,GAAIkC,cAAcpC,MAAMG,YAAY;UAClCC,KAAKgC,cAAcpC,MAAMG;QAC3B;MACF;IACF;IACA,GAAIiC,cAAc/B,eAAe;MAC/BA,aAAa+B,cAAc/B;IAC7B;IACA,GAAI+B,cAAc9B,cAAc;MAC9BC,MAAM;QACJC,OAAO4B,cAAc9B;MACvB;IACF;IACA,GAAI+B,mCAAmCG,cAAc;MACnDC,WAAWJ,kCAAkCG;IAC/C;IACA,GAAIH,mCAAmCK,WAAW;MAChDC,QAAQN,kCAAkCK;IAC5C;IACA,GAAIL,mCAAmCO,cAAc;MACnDC,WAAWR,kCAAkCO;IAC/C;IACA,GAAIP,mCAAmCS,YAAY;MACjDA,UAAUT,kCAAkCS;IAC9C;EACF;AACF,GA/CwC;;;AHlLjC,IAAMC,wBAAwB,8BAAOC,SAAAA;AAC1C,QAAM,EAAEC,sBAAsBC,QAAO,IAAKF;AAC1C,QAAMG,qBAA4E,CAAC;AACnF,QAAMC,QAAQC,IACZC,OAAOC,QAAQN,oBAAAA,EAAsBO,IAAI,OAAO,CAACC,UAAUC,0BAAAA,MAA2B;AACpF,QAAIC;AACJ,QAAID,2BAA2BE,WAAW,aAAa;AACrD,YAAMC,MAAoFH,2BAA4BG;AACtH,UAAIA,IAAIC,WAAW,MAAA,GAAS;AAC1B,YAAI;AACFH,8BAAoB,MAAMT,QAAQa,MAAMC,iCAAiC;YAAEH;UAAI,CAAA;QACjF,QAAQ;QAER;MACF;IACF;AACA,QAAII,uBAA8D,CAAA;AAClE,QAAIN,mBAAmB;AACrBM,6BAAuB,MAAMC,+BAA+B;QAC1DC,mBAAmBR,kBAAkBS;QACrCC,gBAAgBV,kBAAkBW;MACpC,CAAA;IACF,OAAO;AACLL,6BAAuB,MAAMM,iCAAiC;QAC5DJ,mBAAmBT,2BAA2BU;QAC9CI;;UAEEvB,qBAAqBqB,WAAWG,SAAYf,2BAA2BY,SAASZ,2BAA2BgB;;MAC/G,CAAA;IACF;AAEA,UAAMC,iBAAiB,MAAMvB,QAAQC,IACnCY,qBAAqBT,IACnB,OAAOmB,oBAA4D,MAAMzB,QAAQa,MAAMa,+BAA+B;MAAED,gBAAAA;IAAe,CAAA,CAAA,CAAA;AAG3I,UAAME,wBAAwB;AAC9B,UAAMC,2BAAuBC,wDAAgCrB,0BAAAA;AAC7D,UAAMsB,kBAAiCF,qBAAqBG,WAAW,QAAIC,sBAAQL,qBAAAA,IAAyBC;AAC5G,UAAMK,0BAA0BH,gBAAgBI,OAAO,CAACC,SAA0BA,SAASR,qBAAAA;AAC3F1B,uBAAmBgC,wBAAwB,CAAA,CAAE,IAAIR;EACnD,CAAA,CAAA;AAGF,SAAOxB;AACT,GA7CqC;AA+C9B,IAAMmC,+BAA+B,8BAAOtC,SAAAA;AACjD,QAAM,EAAEoB,SAASmB,mCAAmCrC,QAAO,IAAKF;AAChE,SAAO,MAAMI,QAAQC,IACnBe,QAAQZ,IAAI,OAAOgC,kBAAAA;AAEjB,UAAMC,WAAW,MAAMC,yBAAyB;MAAEF;MAAeD;IAAkC,CAAA;AACnG,WAAOrC,QAAQa,MAAM4B,2BAA2B;MAAEhB,gBAAgBc;IAAS,CAAA;EAC7E,CAAA,CAAA;AAEJ,GAT4C;AAWrC,IAAMG,wCAAwC,8BACnD5C,SAAAA;AAEA,QAAM,EAAE6C,qBAAqBC,YAAW,IAAK9C;AAC7C,QAAM+C,cAAc,CAAC;AACrBzC,SAAOC,QAAQuC,WAAAA,EAAaE,QAAQ,CAAC,CAACC,KAAKC,MAAAA,MAAO;AAChD,UAAMC,SAAS,CAACD,OAAOtC,UAAUiC,oBAAoBrC,IAAI,CAAC4C,SAASA,KAAKC,YAAW,CAAA,EAAIC,SAASJ,OAAOtC,OAAOyC,YAAW,CAAA;AACzH,QAAIF,QAAQ;AACVJ,kBAAYE,GAAAA,IAAOC;IACrB;EACF,CAAA;AAEA,SAAOH;AACT,GAbqD;AAe9C,IAAMQ,iCAAiC,8BAC5CvD,SAAAA;AAEA,QAAM,EAAEwD,QAAQ7B,eAAc,IAAK3B;AAEnC,SAAO2B,gBAAgB8B,KACrB,CAAChB,aACCe,SAASf,SAASe,QAAQ1C,WAAW0C,MAAAA,KAAWf,SAASe,WAAW/B,SAAYgB,SAASe,WAAW/B,MAAAA;AAE1G,GAT8C;AAWvC,IAAMiC,2BAA2B,8BAAO1D,SAAAA;AAC7C,QAAM,EAAE2D,kBAAkBC,QAAQC,8BAA8BC,kBAAkB5D,QAAO,IAAKF;AAE9F,QAAM+D,aAAaC,8BAA8BL,iBAAiBM,mBAAmBC,kBAAkB;AAEvG,QAAMC,YAAYC,kCAAiBC,8BAA8BN,YAAY;IAAEH,QAAQA,UAAUU;EAAc,CAAA;AAC/G,MACEH,UAAUI,SAASC,KAAKlB,SAAS,WAAA,MAChC,OAAOa,UAAUI,SAASE,IAAIC,WAAW,WACtCP,UAAUI,SAASE,IAAIC,QAAQpB,SAAS,WAAA,IACxCa,UAAUI,SAASE,IAAIC,QAAQC,oBAAoBrB,SAAS,WAAA,IAChE;AAGA,UAAMpD,QAAQa,MAAM6D,eAAe;MAAEb;MAAYH;MAAQiB,kBAAkBf;IAAiB,CAAA;AAC5F,QAAIgB,KAAKC,UAAUZ,UAAUI,OAAO,EAAEjB,SAAS,qBAAA,GAAwB;AACrE,aAAO;QAAE0B,QAAQb;QAAWc,OAAOxD;QAAW0B,QAAQ;QAAM+B,YAAY,CAAA;MAAG;IAC7E;AAEA,QAAIrB,8BAA8B;AAChC,UAAI;AACF,cAAMA,6BAA6B;UACjCsB,WAAWhB;QACb,CAAA;MACF,SAASiB,GAAG;AACV,eAAO;UAAEJ,QAAQb;UAAWc,OAAOG,EAAEC;UAASlC,QAAQ;UAAM+B,YAAY,CAAA;QAAG;MAC7E;IACF;EACF;AAEA,QAAMI,qBAAyC,MAAMpF,QAAQa,MAAMwE,mBAAmB;IACpFxB;IACAH;;IAEA4B,qBAAqB;IACrBC,UAAU;MACR3B;MACA4B,kBAAkB;MAClBC,gBAAgB;MAChBC,cAAc;IAChB;EACF,CAAA;AAEA,MAAI,CAACN,mBAAmBnC,UAAUmC,mBAAmBL,OAAO;AAC1D,WAAO7E,QAAQyF,OAAOC,MAAMR,mBAAmBL,SAASc,UAAU,wDAAA,CAAA,CAAA;EACpE;AACA,SAAOT;AACT,GA/CwC;AAiDjC,IAAMU,wBAAwB,8BAAOhG,SAAAA;AAC1C,QAAM,EAAEiE,oBAAoBL,OAAM,IAAK5D;AAEvC,QAAMiG,uBAAuBjC,8BAA8BC,mBAAmBC,kBAAkB;AAEhG,QAAMgC,8BAA2D9B,kCAAiBC,8BAChF4B,sBACA;IAAErC;EAAO,CAAA;AAEX,MAAIuC;AACJ,MAAI/B,kCAAiBgC,yBAAyBF,4BAA4BnC,UAAU,GAAG;AACrFoC,sCAA8BE,4DAA4EH,4BAA4BnC,UAAU;EAClJ,WAAWK,kCAAiBkC,eAAeJ,4BAA4BnC,UAAU,GAAG;AAClF,QAAI,CAACH,QAAQ;AACX,aAAOxD,QAAQyF,OAAO,qDAAA;IACxB;AACA,UAAMU,cAAsB,wBAACC,MAAgDC,cAAsBrG,QAAQsG,QAAQ9C,OAAO4C,MAAMC,SAAAA,CAAAA,GAApG;AAC5B,UAAME,eAAe,MAAMvC,kCAAiBwC,mBAAmBV,4BAA4BnC,YAAYwC,WAAAA;AACvGJ,sCAA8BE,4DAA4EM,YAAAA;EAC5G,WAAWvC,kCAAiByC,2BAA2BX,4BAA4BnC,UAAU,GAAG;AAC9FoC,sCAA8BW,2DAAyCZ,4BAA4BnC,UAAU;EAC/G,OAAO;AACLoC,kCAAqDD,4BAA4BnC;EACnF;AAEA,QAAMgD,gBACJ,OAAOZ,4BAA4BzB,WAAW,WAC1CyB,4BAA4BzB,SAC5BN,kCAAiBgC,yBAAyBD,2BAAAA,IACxCA,4BAA4Ba,eAAexC,MAC3C2B,4BAA4BzB,OAAOuC;AAE3C,QAAM/C,qBAAqBD,mBAAmBC;AAC9C,SAAO;IACL6C;IACA9C;IACAiD,OAAOjD,mBAAmBiD;IAC1BC,yBAAyBlB;IACzBE;IACA,GAAIjC,mBAAmBkD,+BAA+B;MAAEA,6BAA6BlD,mBAAmBkD;IAA4B;EACtI;AACF,GAzCqC;AA2C9B,IAAMpD,gCAAgC,wBAACE,uBAAAA;AAC5C,MAAIH;AAEJ,MAAI,gBAAgBG,oBAAoB;AACtCH,iBAAaG,mBAAmBH;EAClC,WACE,iBAAiBG,sBACjBA,mBAAmBpB,eACnBuE,MAAMC,QAAQpD,mBAAmBpB,WAAW,KAC5CoB,mBAAmBpB,YAAYb,SAAS,GACxC;AACA8B,iBAAaG,mBAAmBpB,YAAY,CAAA,EAAGiB;EACjD;AAEA,MAAI,CAACA,YAAY;AACf,UAAM,IAAI+B,MAAM,4CAAA;EAClB;AAEA,SAAO/B;AACT,GAnB6C;AAqBtC,IAAMwD,oBAAoB,8BAAOvH,SAAAA;AACtC,QAAM,EAAEwH,aAAatH,QAAO,IAAKF;AACjC,QAAM,EAAEyH,YAAYC,cAAa,IAAKF;AACtC,MAAIE,qBAAiBC,+CAA0BD,aAAAA,GAAgB;AAC7D,WAAOA;EACT;AACA,QAAM,EACJE,6BACAC,yBACAC,UAAU,aACVC,MAAM,MAAM7H,QAAQa,MAAMiH,wCAAuC,EAAE,IACjER;AACJ,MAAIC;AAEJ,MAAIC,eAAe;AACjB,YAAIO,mCAAcP,cAAcD,UAAU,GAAG;AAC3CA,mBAAa,MAAMvH,QAAQa,MAAMmH,qBAAqBR,aAAAA;IACxD,WAAW,CAACA,cAAcS,UAAUX,YAAYK,wBAAwBvE,SAAS,KAAA,GAAQ;AACvFmE,mBAAa,UAAMW,4CAAuBV,eAAexH,OAAAA;IAC3D,WAAWwH,cAAcS,UAAU,CAACN,wBAAwBvE,SAASoE,cAAcS,MAAM,GAAG;AAC1F,YAAMrC,MAAM,8BAA8B4B,cAAcS,MAAM,iCAAiCN,wBAAwBQ,KAAK,GAAA,CAAA,EAAM;IACpI,OAAO;AACLZ,mBAAa,MAAMvH,QAAQa,MAAMmH,qBAAqBR,aAAAA;IACxD;EACF;AACA,QAAMY,eAAe;IAAE,GAAGpI;IAASa,OAAOb,QAAQa;EAAmB;AAErE,OACG,CAAC2G,qBAAiBO,mCAAcP,cAAcD,UAAU,MACzDG,gCACC,CAACC,2BAA2BA,wBAAwB5F,WAAW,KAAK4F,wBAAwBzF,OAAO,CAAC+F,WAAWA,OAAOrH,WAAW,KAAA,CAAA,IAClI;AAEA,UAAM,EAAEqC,QAAQoF,QAAO,IAAK,UAAMC,kDAA6BF,cAAc;MAC3EH,QAAQP;MACRa,YAAY;QACVC,SAAS;UACPrG,MAAMmF,YAAYM;UAClBa,KAAKC,0BAAOC;UACZC,WAAWtB,YAAYsB;UACvBf,KAAKP,YAAYO;QACnB;MACF;IACF,CAAA;AACAN,iBAAa,MAAMvH,QAAQa,MAAMgI,0BAA0B;MACzDtB,YAAYtE;MACZ2E;MACAkB,4BAA4B7F,OAAO8F,IAAInI,WAAW,WAAA;IACpD,CAAA;AACA,QAAIyH,SAAS;AACX,YAAMD,aAAavH,MAAMmI,KAAKC,mBAAmBC,oBAAoB;QAAE3B;MAAW,CAAA;IACpF;EACF,WAAWI,wBAAwBvE,SAAS,KAAA,GAAQ;AAElD,UAAML,MAAM,MAAM/C,QAAQa,MAAMsI,iBAAiB;MAAEhH,MAAMyF;MAASC;MAAKuB,MAAM;QAAEC,UAAU,OAAOzB,OAAAA,IAAW0B,KAAKC,IAAG,CAAA;MAAK;IAAE,CAAA;AAE1HhC,iBAAa,UAAMW,4CAAuB;MAAED,QAAQ;MAAOV,YAAYxE;MAAKyG,WAAWzG,IAAI0G;IAAI,GAAGzJ,OAAAA;EAIpG,OAAO;AACL,UAAM4F,MAAM,qDAAqD+B,wBAAwBQ,KAAK,GAAA,CAAA,EAAM;EACtG;AACArI,OAAKwH,YAAYC,aAAaA;AAC9B,SAAOA;AACT,GAjEiC;AAmE1B,IAAMmC,sCAAsC,8BACjD5J,SAAAA;AAEA,MAAImD,SAAS,CAAC;AACZ,GAAA,MAAM0G,8BAA8B7J,IAAAA,GAAOgD,QAAQ,CAAC8G,cAAAA;AACpD3G,aAAS;MAAE,GAAGA;MAAQ,GAAG2G;IAAU;EACrC,CAAA;AACA,SAAO3G;AACT,GARmD;AAU5C,IAAM0G,gCAAgC,8BAC3C7J,SAAAA;AAEA,QAAM,EAAEkH,OAAO6C,iBAAgB,IAAK/J;AACpC,MAAIqH,MAAMC,QAAQJ,KAAAA,KAAUA,MAAMjF,SAAS,GAAG;AAC5C,WAAO7B,QAAQC,IAAI6G,MAAM1G,IAAI,CAAC6B,SAAS2H,8CAA8C;MAAE,GAAGhK;MAAMkH,OAAO7E;IAAK,CAAA,CAAA,CAAA;EAC9G,WAAWgF,MAAMC,QAAQyC,gBAAAA,KAAqBA,iBAAiB9H,SAAS,GAAG;AACzE,WAAO7B,QAAQC,IACb0J,iBAAiBvJ,IAAI,CAACyJ,oBACpBD,8CAA8C;MAC5C,GAAGhK;MACHiK;MACA/C,OAAOzF;IACT,CAAA,CAAA,CAAA;EAGN;AACA,QAAMyI,UAAU,MAAMF,8CAA8C;IAClE,GAAGhK;IACHkH,OAAOzF;IACPwI,iBAAiBxI;EACnB,CAAA;AACA,SAAOyI,WAAW5J,OAAO6J,KAAKD,OAAAA,EAASjI,SAAS,IAAI;IAACiI;MAAW,CAAA;AAClE,GAvB6C;AA6BtC,IAAMF,gDAAgD,8BAC3DhK,SAAAA;AAEA,QAAM,EAAEoK,QAAQvH,qBAAqBoH,gBAAe,IAAKjK;AACzD,MAAI,EAAEY,SAASa,QAAWyF,QAAQzF,OAAS,IAAKzB;AAEhD,WAASqK,kBAAkBP,WAA2C;AACpE,UAAMlJ,UAASkJ,UAAUlJ;AACzB,UAAMyB,WAAeiI,2CAAmBR,SAAAA,GAAYzB,KAAAA,KAAU;AAC9D,UAAMpB,KAAK,GAAG5E,IAAAA,IAAQzB,OAAAA;AACtB,WAAOqG;EACT;AALSoD;AAOT,MAAIJ,iBAAiB;AACnB,UAAMM,gBAAeH,OAAOI,wBAAwB/I,QAAWb,MAAAA;AAC/D,WAAON,OAAOmK,YACZnK,OAAOC,QAAQgK,aAAAA,EAAcnI,OAC3B,CAAC,CAAC6E,IAAI6C,SAAAA,MAAe7C,OAAOgD,mBAAmBH,UAAU7C,OAAOgD,mBAAmBI,kBAAkBP,SAAAA,MAAeG,eAAAA,CAAAA;EAG1H;AAEA,MAAI,CAACG,OAAOM,iBAAiB;AAC3B,WAAOtK,QAAQyF,OAAOC,MAAM,yCAAA,CAAA;EAC9B;AACA,MAAI,CAACoB,OAAO;AACV,WAAO9G,QAAQyF,OAAOC,MAAM,+BAAA,CAAA;EAC9B;AAEA,QAAM6E,qBAAiBC,gDAAwB;IAC7C1D,OAAO;MAACA;;IACRtG;IACAiK,SAAST,OAAOS,QAAO;IACvBC,gBAAgBV,OAAOW,iBAAiBC;EAC1C,CAAA;AACA,MAAIT;AAEJ,MAAI,CAAClD,MAAMC,QAAQqD,cAAAA,GAAiB;AAClCJ,mBAAeI;EACjB,OAAO;AACLJ,mBAAe,CAAC;AAChBI,mBAAe3H,QAAQ,CAAC8G,cAAAA;AACtB,UAAIA,UAAU7C,IAAI;AAChBsD,qBAAaT,UAAU7C,EAAE,IAAc6C;AACvC;MACF;AACA,YAAM7C,KAAKoD,kBAAkBP,SAAAA;AAC7BS,mBAAatD,EAAAA,IAAM6C;IACrB,CAAA;EACF;AAEA,MAAImB,6BAA6B,MAAMrI,sCAAsC;IAC3EE,aAAayH;IACb1H;EACF,CAAA;AACA,MAAI,CAACoI,8BAA8B3K,OAAO6J,KAAKc,0BAAAA,EAA4BhJ,WAAW,GAAG;AACvFiJ,+BAAIC,QAAQ,8CAA8Cf,OAAOgB,UAAS,CAAA,EAAI;EAChF;AAEA,MAAIhB,OAAOM,oBAAoBjJ,QAAW;AACxC,WAAOwJ;EACT;AAEA,QAAMP,kBAAkBN,OAAOM,gBAAgBW;AAE/C,MAAIC;AACJ,MAAI,kCAAkCZ,iBAAiB;AACrDY,yBAAqBhL,OAAOmK,YAC1BnK,OAAOC,QAAQ0K,0BAAAA,EAA4B7I,OAAO,CAAC,CAAC3B,UAAUyC,MAAAA,MAAYwH,gBAAgBa,6BAA6BjI,SAAS7C,QAAAA,CAAAA,CAAAA;AAElI,QAAIH,OAAO6J,KAAKmB,kBAAAA,EAAoBrJ,WAAW,GAAG;AAChD,YAAM,IAAI6D,MAAM,4DAA4D4E,gBAAgBa,6BAA6BlD,KAAK,IAAA,CAAA,EAAO;IACvI;EACF,OAAO;AACLiD,yBAAqBL;EACvB;AACA,MAAI3K,OAAO6J,KAAKmB,kBAAAA,EAAoBrJ,WAAW,GAAG;AAEhD,UAAM,IAAI6D,MAAM,0DAA0D;EAC5E;AAEA,SAAOwF;AACT,GAlF6D;AAoFtD,IAAME,kBAAkB,8BAAOxL,SAAAA;AACpC,QAAM;IACJoK;IACAnK;;IAEAC;IACAuL;IACAC;IACAC;IACAC;EAAgB,IACd5L;AAEJ,MAAIC,yBAAyBwB,UAAanB,OAAO6J,KAAKlK,oBAAAA,EAAsBgC,WAAW,GAAG;AACxF,WAAO7B,QAAQyF,OAAOC,MAAM,0BAAA,CAAA;EAC9B;AAEA,QAAM0F,mBAAgDlL,OAAOuL,OAAO5L,oBAAAA,EAAsBO,IAAI,OAAOsL,wBAAAA;AAKnG,UAAMC,qBAA6B,MAAMC,uBAAuB;MAC9DF;MACA1B;MACAsB;MACAC;IACF,CAAA;AACA,UAAM,EAAEM,WAAWC,QAAO,IAAK,MAAMC,kBAAkB;MACrDL;MACA1B;MACAqB;IACF,CAAA;AACA,QAAIS,QAAQjK,UAAU,GAAG;AACvBmK,cAAQC,IAAI,sFAAsF;AAClGH,cAAQI,KAAK,KAAA;IACf;AACA,UAAM9E,cAAcoE,mBAChB;MAAE,GAAGE;MAAqB,GAAGF;IAAiB,IAC7C;MACC,GAAGE;MACHlE,6BAA6BqE;MAC7BpE,yBAAyBqE;MACzBtL,QAAQkL,oBAAoBlL;MAC5BkH,SAASsC,OAAOmC,OAAM,IAAK,kBAAcC,mDAA8B;QAAEC,KAAKV;MAAmB,CAAA;MACjG,GAAI3B,OAAOmC,OAAM,KAAM;QAAEzD,WAAW;MAAO;IAC7C;AACJ,UAAMrB,aAAa,MAAMF,kBAAkB;MAAEC;MAAatH;IAAQ,CAAA;AAClE,QAAI,CAACkK,OAAOsC,gBAAYC,kDAA6BlF,UAAAA,GAAa;AAGhE2C,aAAOsC,WAAWjF,WAAW/C,UAAU+C,WAAWwB;IACpD;AACA,WAAO;MAAE,GAAGzB;MAAaC;IAAW;EACtC,CAAA;AAEA,SAAO,MAAMrH,QAAQC,IAAImL,gBAAAA;AAC3B,GAxD+B;AA0DxB,IAAMW,oBAAoB,8BAC/BS,SAAAA;AAKA,QAAM,EAAExC,QAAQ0B,qBAAqBL,qBAAoB,IAAKmB;AAC9D,QAAM,EAAEhM,QAAQiM,wCAAuC,IAAKf;AAC5D,MAAII,UAAqC,CAAA;AACzC,MAAIW,2CAA2CxF,MAAMC,QAAQuF,uCAAAA,GAA0C;AACrGX,cAAUW;AACV,UAAMC,aAAiDrB,qBAAqBhI,KAAK,CAAC0E,WAChF0E,wCAAwCvJ,SAAS,OAAO6E,OAAO9E,YAAW,CAAA,EAA6B,CAAA;AAEzG,QAAIyJ,YAAY;AACd,aAAO;QAAEZ;QAASD,WAAWa;MAAW;IAC1C,WAAWD,wCAAwCvJ,SAAS,KAAA,GAAQ;AAClE,aAAO;QAAE4I;QAASD,WAAWrL,SAAS6K,qBAAqB,CAAA,IAAKA,qBAAqB,CAAA;MAAG;IAC1F,WAAWS,QAAQjK,SAAS,GAAG;AAC7B,aAAO;QAAEiK;MAAQ;IACnB;AACAE,YAAQW,KACN,yIAAyI;EAE7I;AAEA,MAAI3C,OAAOmC,OAAM,GAAI;AACnB,WAAO;MAAEL,SAAS;QAAC;;MAAQD,WAAWe,2CAAuBC;IAAQ;EACvE;AAGAf,YAAU;IAAC;;AACX,MAAI,CAACtL,UAAWA,OAAO0C,SAAS,KAAA,KAAU,CAAC1C,QAAQ0C,SAAS,gBAAA,GAAoB;AAC9E,WAAO;MAAE4I;MAASD,WAAWrL,SAAS6K,qBAAqB,CAAA,IAAKA,qBAAqB,CAAA;IAAG;EAC1F,OAAO;AAEL,WAAO;MAAES;MAASD,WAAWR,qBAAqB,CAAA;IAAG;EACvD;AACF,GAtCiC;AAwC1B,IAAMO,yBAAyB,8BAAOY,SAAAA;AAC3C,QAAM,EAAExC,QAAQ0B,qBAAqBJ,kCAAkCC,oCAAmC,IAAKiB;AAE/G,MAAIM;AACJ,MAAI,2BAA2BpB,uBAAuBA,oBAAoBqB,uBAAuB;AAC/F,QAAI,SAASrB,oBAAoBqB,yBAAyBrB,oBAAoBqB,sBAAsBC,KAAK;AACvGF,+BAAyBpB,oBAAoBqB,sBAAsBC,IAAIC;IACzE,WAAW,YAAYvB,oBAAoBqB,yBAAyBrB,oBAAoBqB,sBAAsBG,QAAQ;AACpHJ,+BAAyBpB,oBAAoBqB,sBAAsBG,OAAOD;IAC5E,WAAW,SAASvB,oBAAoBqB,yBAAyBrB,oBAAoBqB,sBAAsBI,KAAK;AAC9GL,+BAAyBpB,oBAAoBqB,sBAAsBI,IAAIF;AACvEjB,cAAQnH,MAAM,8EAAA;IAChB,OAAO;AACL,aAAO7E,QAAQyF,OAAOC,MAAM,mCAAmC,CAAA;IACjE;EACF,OAAO;AACLoH,iCAAyBhL;;MAEvB4J,oBAAoB0B,2CAA2C1B,oBAAoBuB,sCAAsC,CAAA;IAAE;EAE/H;AAGA,UAAQvB,oBAAoBlL,QAAM;;IAEhC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK,YAAY;AACf,YAAM6M,uBAAqF/B,iCAAiCtJ,OAC1H,CAACsL,UAAiER,uBAAuB5J,SAASoK,KAAAA,CAAAA;AAGpG,UAAID,qBAAqBxL,SAAS,GAAG;AACnC,eAAOwL,qBAAqB,CAAA;MAC9B,WAAWrD,OAAOmC,OAAM,GAAI;AAC1B,eAAOoB,wCAAuBC;MAChC;AAGA,YAAMC,WAAWnC,iCAAiC,CAAA;AAClDU,cAAQC,IAAI,4GAA4GwB,QAAAA,EAAU;AAClI,aAAOA;IACT;;IAEA,KAAK;;IAEL,KAAK;IACL,KAAK,UAAU;AACb,YAAMJ,uBAAsC9B,oCAAoCvJ,OAAO,CAACsL,UACtFR,uBAAuB5J,SAASoK,KAAAA,CAAAA;AAElC,UAAID,qBAAqBxL,SAAS,GAAG;AACnC,eAAOwL,qBAAqB,CAAA;MAC9B;AAGA,YAAMI,WAAWlC,oCAAoC,CAAA;AACrDS,cAAQC,IAAI,4GAA4GwB,QAAAA,EAAU;AAClI,aAAOA;IACT;IACA;AACE,aAAOzN,QAAQyF,OAAOC,MAAM,sBAAsBgG,oBAAoBlL,MAAM,iBAAiB,CAAA;EACjG;AACF,GAlEsC;AAoE/B,IAAMkN,mCAAmC,8BAC9C9N,MACAE,YAAAA;AAEA,QAAM,EAAE6N,uBAAuBC,yBAAyBC,QAAO,IAAKjO;AAEpE,MAAI,CAAC+N,uBAAuB;AAC1B,WAAO3N,QAAQyF,OAAOC,MAAM,4CAAA,CAAA;EAC9B;AAEA,MAAI,CAACmI,SAAS;AACZ,WAAO7N,QAAQyF,OAAOC,MAAM,4BAAA,CAAA;EAC9B;AAEA,QAAMoI,4BAA4BC,kBAAkBC,YAAY;IAC9DL;IACAE;IACA3F,cAAcpI;IACd8N;EACF,CAAA;AAEA,SAAO,IAAI5N,QAAQ,CAACsG,SAASb,WAAAA;AAC3B,QAAI;AACFqI,gCAA0BG,aAAa,CAACC,UAAAA;AACtC,YAAIA,MAAMC,QAAQC,4BAA4BC,IAAI,GAAG;AACnD,gBAAMC,4BAA4BJ,MAAMpO,QAAQwO;AAChD,cAAI,CAACA,2BAA2B;AAC9B7I,mBAAOC,MAAM,uCAAA,CAAA;UACf;AACAY,kBAAQgI,yBAAAA;QACV,WAAWJ,MAAMC,QAAQC,4BAA4BG,OAAO,GAAG;AAC7DjI,kBAAQ8H,4BAA4BG,OAAO;QAC7C,WAAWL,MAAMC,QAAQC,4BAA4BI,QAAQ,GAAG;AAC9DlI,kBAAQ8H,4BAA4BI,QAAQ;QAC9C,WAAWN,MAAMC,QAAQC,4BAA4BvJ,KAAK,GAAG;AAC3DY,iBAAOyI,MAAMpO,QAAQ+E,KAAK;QAC5B;MACF,CAAA;AACAiJ,gCAA0BW,MAAK;IACjC,SAAS5J,OAAO;AACdY,aAAOZ,KAAAA;IACT;EACF,CAAA;AACF,GA3CgD;;;ALvezC,IAAM6J,8BAA6C;EACxD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGF,IAAMC,SAASC,0BAAQC,QAAQC,IAAI,yBAAA;AAE5B,SAASC,aACdC,YACAC,SACAC,OAAc;AAEd,SAAO,OAAOC,KAAUC,KAAcC,uBAAAA;AACpC,QAAIC,aAAa,MAAML,QAAQM,MAAMC,qBAAqBR,UAAAA;AAC1D,UAAMS,MAAMN,IAAIO,OAAOD,QAAQH,WAAWK,WAAW,QAAQL,WAAWG,MAAMG;AAC9E,QAAI,CAACN,WAAWO,UAAU,CAACV,IAAIW,QAAQC,KAAK;AAC1C,aAAOC,QAAQC,OAAOC,MAAM,8CAA8CC,KAAKC,UAAUjB,GAAAA,CAAAA,2BAA+B,CAAA;IAC1H;AACA,UAAMO,SAASP,IAAIO;AACnB,UAAMI,UAAUX,IAAIW;AACpB,QAAIZ,OAAO;AACTY,cAAQZ,QAAQA;IAClB;AACA,QAAIO,OAAOC,OAAON,KAAK;AACrBiB,cAAQC,IACN,qIAAqI;AAEvI,aAAOZ,OAAON;IAChB;AACA,YACE,MAAMH,QAAQM,MAAMgB,6BAA6B;MAC/CV,QAAQ;QAAE,GAAGP;QAAYD,oBAAoBA,sBAAsB;MAAM;MACzEmB,iBAAiBd;MACjBI;IACF,CAAA,GACAX;EACJ;AACF;AA9BgBJ;AA0DT,IAAM0B,gBAAN,MAAMA,eAAAA;EA/Mb,OA+MaA;;;EACMC;EACRC,aAAwC;IAC/CC,mBAAmBC;IACnBD,mBAAmBE;IACnBF,mBAAmBG;;EAGZC,UAA0B;IACjCC,oBAAoB,KAAKA,mBAAmBC,KAAK,IAAI;IACrDC,gCAAgC,KAAKA,+BAA+BD,KAAK,IAAI;IAC7EE,oCAAoC,KAAKA,mCAAmCF,KAAK,IAAI;IACrFG,0CAA0C,KAAKA,yCAAyCH,KAAK,IAAI;IACjGI,4CAA4C,KAAKA,2CAA2CJ,KAAK,IAAI;IACrGK,yBAAyB,KAAKA,wBAAwBL,KAAK,IAAI;IAC/DM,6BAA6B,KAAKA,4BAA4BN,KAAK,IAAI;IACvEO,4BAA4B,KAAKA,2BAA2BP,KAAK,IAAI;IACrEQ,iCAAiC,KAAKA,gCAAgCR,KAAK,IAAI;IAC/ES,qCAAqC,KAAKA,oCAAoCT,KAAK,IAAI;IACvFU,sCAAsC,KAAKA,qCAAqCV,KAAK,IAAI;IACzFW,+BAA+B,KAAKA,8BAA8BX,KAAK,IAAI;IAC3EY,+BAA+B,KAAKA,8BAA8BZ,KAAK,IAAI;IAC3Ea,gCAAgC,KAAKA,+BAA+Bb,KAAK,IAAI;IAC7Ec,kCAAkC,KAAKA,iCAAiCd,KAAK,IAAI;EACnF;EAEiBe,sBAAqC;IAAC;IAAa;IAAa;IAAY;IAAe;IAAU;;EACrGC,sCAAqD;IACpE;IACA;IACA;IACA;;EAGeC,uBAAsD;IACrEC,2CAAuBC;IACvBD,2CAAuBE;IACvBF,2CAAuBG;IACvBH,2CAAuBI;IACvBJ,2CAAuBK;;EAERC,mCAAiG;IAChHC,yCAAuBC;IACvBD,yCAAuBE;IACvBF,yCAAuBG;;EAEzB,OAAwBC,8BAA8B,GAAGC,yCAAkBC,gBAAgB;EAC1EC,kCAA4D;IAAEC,aAAa1C,eAAcsC;EAA4B;EACrHK;EACAC;EACAC;EACAC;EAEjB,YAAYC,SAAgC;AAC1C,UAAM,EACJJ,0BACAC,oBACAC,qBACAC,8BACAtB,qBACAC,qCACAC,sBACAO,kCACAe,oCACA/C,SAASgD,8BAAa,IACpB;MAAE,GAAGF;IAAQ;AAEjB,SAAK9C,SAASA;AACd,QAAIuB,wBAAwB0B,UAAa1B,oBAAoB2B,SAAS,GAAG;AACvE,WAAK3B,sBAAsBA;IAC7B;AACA,QAAIC,wCAAwCyB,UAAazB,oCAAoC0B,SAAS,GAAG;AACvG,WAAK1B,sCAAsCA;IAC7C;AACA,QAAIC,yBAAyBwB,UAAaxB,qBAAqByB,SAAS,GAAG;AACzE,WAAKzB,uBAAuBA;IAC9B;AACA,QAAIO,qCAAqCiB,UAAajB,iCAAiCkB,SAAS,GAAG;AACjG,WAAKlB,mCAAmCA;IAC1C;AACA,QAAIe,oCAAoC;AACtC,WAAKP,kCAAkCO;IACzC;AACA,SAAKL,2BAA2BA;AAChC,SAAKC,qBAAqBA;AAC1B,SAAKC,sBAAsBA;AAC3B,SAAKC,+BAA+BA;EACtC;EAEA,MAAaM,QAAQC,OAAYC,SAAyC;AACxE,YAAQD,MAAME,MAAI;MAChB,KAAKpD,mBAAmBC;AACtB,aAAKuC,2BAA2BU,MAAMG,IAAI;AAC1C;MACF,KAAKrD,mBAAmBE;AACtB,aAAKuC,qBAAqBS,MAAMG,IAAI;AACpC;MACF,KAAKrD,mBAAmBG;AACtB,aAAKuC,sBAAsBQ,MAAMG,IAAI;AACrC;MACF;AACE,eAAOC,QAAQC,OAAOC,MAAM,cAAcN,MAAME,IAAI,gBAAgB,CAAA;IACxE;EACF;;;;EAKA,MAAc5C,mCAAmCiD,MAAkCN,SAAqD;AACtI,UAAMO,2BAA2B;MAAE,GAAG,KAAKpB;MAAiC,GAAGmB,KAAKC;IAAyB;AAC7G,UAAMC,WAA6C;MACjD,CAACC,uBAAuBC,KAAK,GAAG,CAACC,SAC/B,KAAKzD,mBACH;QACE,GAAGyD;QACHJ;MACF,GACAP,OAAAA;MAEJ,CAACS,uBAAuBG,6BAA6B,GAAG,CAACD,SACvDE,iCAAiC;QAAE,GAAGF;QAAMG,yBAAyBR,KAAKS;MAAkC,GAAGf,OAAAA;MACjH,CAACS,uBAAuBO,6BAA6B,GAAG,CAACL,SACvD,KAAKpD,2CAA2CoD,MAAMX,OAAAA;MACxD,CAACS,uBAAuBQ,2BAA2B,GAAG,CAACN,SACrD,KAAKrD,yCAAyCqD,MAAMX,OAAAA;MACtD,CAACS,uBAAuBS,UAAU,GAAG,CAACP,SAAyB,KAAKnD,wBAAwBmD,MAAMX,OAAAA;MAClG,CAACS,uBAAuBU,cAAc,GAAG,CAACR,SACxC,KAAKlD,4BAA4B;QAAE2D,iBAAiBT,KAAKS,mBAAmBd,KAAKc;QAAiB,GAAGT;MAAK,GAAGX,OAAAA;MAC/G,CAACS,uBAAuBY,kBAAkB,GAAG,CAACV,SAAiC,KAAKhD,gCAAgCgD,MAAMX,OAAAA;MAC1H,CAACS,uBAAuBa,iBAAiB,GAAG,CAACX,SAAgC,KAAK3C,+BAA+B2C,MAAMX,OAAAA;MACvH,CAACS,uBAAuBc,mBAAmB,GAAG,CAACZ,SAAkC,KAAK1C,iCAAiC0C,MAAMX,OAAAA;MAC7H,CAACS,uBAAuBe,sBAAsB,GAAG,CAACb,SAAqC,KAAK/C,oCAAoC+C,MAAMX,OAAAA;MACtI,CAACS,uBAAuBgB,uBAAuB,GAAG,CAACd,SACjD,KAAK9C,qCAAqC8C,MAAMX,OAAAA;MAClD,CAACS,uBAAuBiB,gBAAgB,GAAG,CAACf,SAA+B,KAAK7C,8BAA8B6C,MAAMX,OAAAA;MACpH,CAACS,uBAAuBkB,gBAAgB,GAAG,CAAChB,SAA+B,KAAK5C,8BAA8B4C,MAAMX,OAAAA;MACpH,CAACS,uBAAuBmB,kBAAkB,GAAG,CAACjB,SAAiC,KAAKiB,mBAAmBjB,MAAMX,OAAAA;IAC/G;AAEA,UAAM6B,6BAAyD;MAC7D,GAAGvB;MACHC;MACAC,UAAU;QACR,GAAGA;QACH,GAAGF,KAAKE;MACV;IACF;AAEA,UAAM,EAAEsB,YAAW,IAAK,MAAMC,eAAeC,YAAYH,4BAA4B7B,OAAAA;AAErF,WAAO;MACL8B;IACF;EACF;;;;;;;;;EAUA,MAAc5E,mBAAmByD,MAAwBX,SAAgD;AACvG,UAAM,EAAEiC,YAAW,IAAKtB;AACxB,QAAI,CAACsB,aAAa;AAChB,YAAM5B,MAAM,0EAA0E;IACxF;AACA,UAAM,EAAE6B,MAAMtC,OAAS,IAAKqC;AAC5B,QAAI,CAACC,KAAK;AACR,aAAO/B,QAAQC,OAAOC,MAAM,gCAAA,CAAA;IAC9B;AAEA,UAAME,2BAA2B;MAAE,GAAG,KAAKpB;MAAiC,GAAGwB,KAAKJ;IAAyB;AAE7GA,6BAAyB4B,uBAAuB5B,0BAA0B4B,2BACtEC,uBAAQ7B,yBAAyB4B,oBAAoB,IACrDvC;AAEJ,QAAI,CAACW,yBAAyBnB,aAAa;AACzCmB,+BAAyBnB,cAAc1C,eAAcsC;IACvD;AACA,QAAIuB,yBAAyBnB,YAAYiD,WAAW,MAAA,KAAW,CAAC9B,yBAAyB+B,UAAU;AAGjG/B,+BAAyB+B,WAAW/B,yBAAyBnB;IAC/D;AAGA,QAAImD,UAAoB,KAAKrE;AAC7B,UAAMsE,cAAcjC,0BAA0B4B,sBAC1CM,IAAI,CAACC,WAAyC,OAAOA,WAAW,YAAY,YAAYA,UAAUA,OAAOC,SAASD,OAAOC,SAAS/C,MAAAA,EACnIgD,OAAO,CAACD,WAAW,CAAC,CAACA,MAAAA,EACrBF,IAAI,CAACE,WAAWA,MAAAA;AACnB,QAAIH,eAAeA,YAAY3C,SAAS,GAAG;AACzC0C,gBAAUM,MAAMC,KAAK,IAAIC,IAAIP,WAAAA,CAAAA;IAC/B;AACA,QAAIQ;AACJ,QAAIC;AACJ,QAAIhB,YAAYiB,qBAAqB;AACnCF,sBAAgB,MAAMG,+CAAwBC,UAAU;QAAEC,OAAOpB,YAAYiB;MAAoB,CAAA;AACjGD,cAAQD,cAAcM;IACxB,OAAO;AACLL,cAAQhB,YAAYqB;AACpB,UACEpB,IAAIG,WAAWkB,YAAYC,wBAAwB,KACnDtB,IAAIG,WAAWkB,YAAYE,uBAAuB,KAClDvB,IAAIwB,MAAM,yCAAA,GACV;AACA,YAAI,CAACT,OAAO;AAEVA,kBAAQ,MAAMU,6CAAsBC,QAAQ1B,GAAAA;QAC9C;MACF,OAAO;AACL,YAAI,CAAC,CAACe,OAAO;AACXY,iBAAOC,QAAQ,8CAA8C5B,GAAAA,EAAK;QACpE;MACF;AAEA,UAAI,CAACe,OAAO;AAEVY,eAAOE,IAAI,8CAA8C7B,GAAAA,EAAK;AAC9Dc,wBAAgB,MAAMG,+CAAwBa,qBAAqB;UACjEC,kBAAkB/B;UAClBgC,sBAAsB3D;UACtB+B,UAAU/B,yBAAyB+B;UACnC6B,+BAA+B;QACjC,CAAA;MACF,OAAO;AACLN,eAAOE,IAAI,8BAA8B7B,GAAAA,EAAK;AAC9Cc,wBAAgB,MAAMG,+CAAwBS,QAAQ;UACpD1B;UACAgC,sBAAsB3D;UACtB+B,UAAU/B,yBAAyB+B;UACnC6B,+BAA+B;QACjC,CAAA;MACF;IACF;AAEA,QAAIC,mBAAkC,CAAA;AACtC,QAAInB,OAAO;AACTmB,yBAAmBnB,MAAMoB,0BAA0BC;IACrD,OAAO;AACLF,6BAAmBhC,uBAAQ7B,yBAAyB4B,oBAAoB,EAErEM,IAAI,CAAC8B,gBAAgBA,YAAYC,2BAA2B,EAC5D5B,OAAO,CAAC6B,OAAqB,CAAC,CAACA,EAAAA;IACpC;AAEA,UAAMC,uBAAuB,MAAMC,oCAAoC;MACrEC,QAAQ5B;MACR9E,qBAAqBqE;MACrB6B;IACF,CAAA;AAEA,UAAMS,iBAAiB,MAAM7B,cAAc8B,uBAAsB;AACjE,UAAMC,qBAAqB,MAAMC,sBAAsB;MAAEN;MAAsB1E;IAAQ,CAAA;AACvF,UAAMiF,qBAAqBC,KAAKC,MAAM,MAAMnC,cAAcoC,YAAW,CAAA;AAErE,WAAO;MACLL;MACAL;MACAG;MACAI;IACF;EACF;EAEA,MAAc3H,yCACZqD,MACAX,SACqC;AACrC,UAAM,EAAEqF,uBAAuBC,QAAO,IAAK3E;AAC3C,QAAI,CAAC0E,uBAAuB;AAC1B,aAAOlF,QAAQC,OAAOC,MAAM,4CAAA,CAAA;IAC9B;AAEA,UAAMiC,WAAWgD,SAASC,WACvB9C,IAAI,CAAC+C,aAAAA;AACJ,YAAMC,mBAAmBD,SAASE,YAAYC;AAC9C,UAAIF,oBAAoB,cAAcA,kBAAkB;AACtD,eAAOA,iBAAiBnD;MAC1B;AACA,aAAO1C;IACT,CAAA,EACCgG,KAAK,CAACtD,cAAaA,SAAAA;AAEtB,QAAI,CAACA,UAAU;AACb,aAAOnC,QAAQC,OAAOC,MAAM,iDAAiD,CAAA;IAC/E;AACA,UAAMuE,SAAS,MAAMzB,+CAAwBC,UAAU;MAAEC,OAAOgC;IAAsB,CAAA;AACtF,UAAMQ,uBAAuB,MAAMjB,OAAOkB,8BAA8B;MACtE5B,sBAAsB;QACpB5B;MACF;IACF,CAAA;AACA,QAAIuD,sBAAsB;AACxBhC,aAAOE,IAAI,0BAA0B8B,oBAAAA,EAAsB;IAC7D;AACA,WAAO;MACLA;;MAEAZ,oBAAoBC,KAAKC,MAAM,MAAMP,OAAOQ,YAAW,CAAA;IACzD;EACF;EAEA,MAAc7H,2CACZoD,MACAX,SAC8C;AAC9C,UAAM,EAAE+E,oBAAoBgB,QAAQC,qBAAiDtB,qBAAoB,IAAK/D;AAO9GkD,WAAOoC,KAAK,yBAAyBC,OAAOC,KAAKzB,oBAAAA,EAAsB0B,KAAK,IAAA,CAAA,EAAO;AAEnF,UAAMC,sBAA2D,MAAMlG,QAAQmG,IAC7EJ,OAAOK,QAAQ7B,oBAAAA,EAAsBjC,IAAI,OAAO,CAACgC,IAAI+B,yBAAAA,MAA0B;AAI7E,YAAMC,sBAAkBC,2CAAmBF,yBAAAA;AAE3C,YAAMG,iBAAiB,CAAC5B,qBACpBnF,SACCmF,qBAAqBN,EAAAA,KACtByB,OAAOK,QAAQxB,kBAAAA,EACZa,KAAK,CAAC,CAAC3F,MAAM2G,UAAAA,MAAW;AACvBH,2BAAmBxG,QAAQwG;MAC7B,CAAA,GACEhE,IAAI,CAAC,CAACxC,MAAM4G,SAAAA,MAAeA,SAAAA;AACnC,YAAMC,mBACJ,MAAMC,+BAA+B;QACnChB;QACAY;MACF,CAAA,IACCK;AAEH,aAAO;QACLvC,QAAIwC,aAAAA,IAAAA;QACJC,cAAczC;QACdgC,iBAAiBA,uBAAmBrE,uBAAQqC,EAAAA;QAC5CqC,iBAAiBA,mBAAmBrC;QACpC0C,YAAY;MACd;IACF,CAAA,CAAA;AAIF,QAAId,oBAAoBxG,UAAU,GAAG;AACnCwG,0BAAoB5D,IAAI,CAAC2E,QAAQpB,oBAAoBqB,KAAKD,IAAIF,YAAY,CAAA;IAC5E;AACArD,WAAOE,IAAI,wBAAwBmB,KAAKoC,UAAUjB,mBAAAA,CAAAA,EAAsB;AAExE,WAAOA;EACT;EAEA,MAAc7I,wBAAwBmD,MAAsBX,SAAsD;AAChH,UAAM,EAAE6E,eAAc,IAAKlE;AAE3B,QAAIkE,mBAAmBjF,QAAW;AAChC,aAAOO,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,UAAMkH,QAAqB,IAAIxE,IAC7B8B,eAAe2C,0BAA0BC,SACrChF,IAAI,CAACgF,YAAYA,QAAQC,IAAI,EAC9B9E,OAAO,CAAC8E,UAASA,SAAQ9H,MAAAA,EACzB6C,IAAI,CAACiF,UAASA,KAAAA,KAAmB,CAAA,CAAE;AAExC,UAAMA,OAAOH,MAAMI,OAAO,IAAI9E,MAAMC,KAAKyE,KAAAA,EAAO,CAAA,IAAK3H;AAErD,UAAMgI,gBAAwB,IAAIC,IAAIhD,eAAeiD,MAAM,EAAEC;AAE7D,UAAMnF,SAAwB;MAC5B;QACE2C,YAAY;UACVyC,YAAY;YACVJ;UACF;QACF;MACF;;AAGF,QAAIF,MAAM;AACR9E,aAAOyE,KAAK;QACV/B,SAAS;UACP2C,WAAWP;QACb;MACF,CAAA;AACA9E,aAAOyE,KAAK;QACV/B,SAAS;UACP4C,aAAaR;QACf;MACF,CAAA;IACF;AAEA,UAAMS,UAAwB,MAAMnI,QAAQoI,MAAMC,cAAc;MAC9DzF;IACF,CAAA;AAEA,QAAIuF,QAAQtI,SAAS,GAAG;AACtBgE,aAAOC,QAAQ,+CAA+CqE,QAAQtI,MAAM,KAAKsI,QAAQ1F,IAAI,CAAC6F,WAAUA,OAAMhD,QAAQ4C,WAAW,EAAE9B,KAAK,GAAA,CAAA,EAAM;IAChJ;AACA,UAAMkC,QAAQH,QAAQtI,UAAU,IAAIsI,QAAQ,CAAA,IAAKvI;AAEjDiE,WAAOE,IAAI,oBAAoBuE,KAAAA;AAC/B,WAAOA;EACT;EAEA,MAAc7K,4BAA4BkD,MAA0BX,SAAoE;AACtI,UAAM,EAAEuI,kBAAkBlD,uBAAuBjH,sBAAsBoK,aAAapH,iBAAiBqH,WAAU,IAAK9H;AACpHkD,WAAO6E,MAAM,uBAAuBF,aAAapH,eAAAA;AAEjD,QAAI,CAACiE,uBAAuB;AAC1B,aAAOlF,QAAQC,OAAOC,MAAM,4CAAA,CAAA;IAC9B;AAEA,UAAMuE,SAAS,MAAMzB,+CAAwBC,UAAU;MAAEC,OAAOgC;IAAsB,CAAA;AACtF,UAAMX,uBAAuB,MAAMC,oCAAoC;MACrEC;MACA1G,qBAAqB,KAAKA;MAC1BkG,kBAAkBzD,KAAKqF;IACzB,CAAA;AACA,UAAMnB,iBAAiB,MAAMD,OAAOE,uBAAsB;AAC1D,UAAM6D,eAAe,MAAMC,gBAAgB;MACzChE;MACAF;MACAG;MACA7E;MACA5B,sBAAsB,KAAKyK,2BAA2BzK,sBAAsBqK,UAAAA;MAC5E9J,kCAAkC,KAAKA;MACvCR,qCAAqC,KAAKA;MAC1C,GAAIqK,eAAe;QAAEM,kBAAkBN;MAAY;IACrD,CAAA;AAEA,UAAMrH,iBAAiBwH,aAAalG,IAClC,OAAO+F,iBACL,MAAM,KAAK9K,2BACT;MACE8K,aAAAA;MACAO,KAAKR;MACL3D;MACAxD;IACF,GACApB,OAAAA,CAAAA;AAIN,UAAMgJ,iBAAiB,MAAM7I,QAAQmG,IAAInF,cAAAA;AACzC0C,WAAOE,IAAI,wBAAwBiF,cAAAA;AAEnC,WAAOA;EACT;EAEQH,2BAA2BzK,sBAAiEqK,YAAwB;AAC1H,UAAMQ,0BACJpG,MAAMqG,QAAQ9K,oBAAAA,KAAyBA,qBAAqByB,SAAS,IAAIzB,uBAAuB,KAAKA;AACvG,QAAIqK,eAAe,kBAAkB;AACnC,aAAO;QAACpK,2CAAuB8K;WAAYF;;IAC7C;AACA,WAAOA;EACT;EAEA,MAAcvL,2BAA2BiD,MAAyBX,SAA6D;AAC7H,UAAM,EAAEwI,aAAaO,KAAKnE,QAAQxD,gBAAe,IAAKT;AACtDkD,WAAOoC,KAAK,sBAAsBuC,WAAAA;AAElC,QAAI,CAACA,aAAa;AAChB,aAAOrI,QAAQC,OAAOC,MAAM,wCAAwC,CAAA;IACtE;AAEA,UAAM2H,aAAa,MAAMoB,kBAAkB;MAAEZ;MAAaxI;IAAQ,CAAA;AAClEwI,gBAAYR,aAAaA;AACzBnE,WAAOoC,KAAK,WAAW+B,UAAAA;AACvB,UAAMqB,MAA6D,UAAMC,+CAA0B;MAAEC,KAAKvB,WAAWuB;IAAI,CAAA;AAEzH,UAAMC,UAAMC,kDAA6BzB,UAAAA,IAAcA,WAAWwB,MAAM5J;AAExE,UAAM8J,YAAwC;MAC5CC,cAAcA,aAAa3B,YAAYhI,OAAAA;IACzC;AAEA,QAAI;AAEF,UAAI,CAAC4E,OAAOtC,UAAU;AACpBsC,eAAOtC,eAAWsH,kDAA6B5B,UAAAA,IAAcA,WAAW6B,MAAM7B,WAAWF;MAC3F;AACA,UAAIgC,SAA8ClK;AAClD,UAAImK,MAAM3I,iBAAiB4I,YAAYD,OAAO/B,WAAW+B;AACzD,UAAI3I,iBAAiB4I,YAAY;AAC/B,cAAM1H,WAAWlB,gBAAgB4I,WAAW1H,YAAYsC,OAAOtC,YAAY0F,WAAWF;AACtF,YAAIlD,OAAOqF,OAAM,KAAM3H,UAAUD,WAAW,MAAA,KAAW0H,KAAKG,SAAS,GAAA,GAAM;AACzEH,gBAAMA,IAAII,MAAM,GAAA,EAAK,CAAA;QACvB;AAGA,cAAMH,aAA4C;UAChD,GAAG5I,gBAAgB4I;UACnB1H;UACAyH;;UAEAV,KAAKjI,gBAAgB4I,WAAWX,OAAOA;UACvCe,eAAehJ,gBAAgB4I,WAAWI,iBAAiBV;QAC7D;AACAI,iBAAS;UACPE;QACF;MACF;AAEA,YAAMpF,OAAOyF,mBAAmB;QAC9B/H,UAAUsC,OAAOtC;QACjByG;QACAuB,uBAAuBpF,KAAKC,MAAM,MAAMP,OAAOQ,YAAW,CAAA,EAAImF;QAC9DC,yBAAyBpJ,iBAAiBoJ;QAC1C,GAAIV,UAAU;UAAEA;QAAO;MACzB,CAAA;AAGA,YAAMW,YAAQ/D,2CAAmB8B,WAAAA;AACjC,YAAM/D,KAAyB,QAAQ+D,eAAeA,YAAY/D,KAAM+D,YAAY/D,KAAgB7E;AACpG,YAAM6G,sBAAkBrE,uBAAQoG,YAAYkC,6BAA6BD,SAAShG,EAAAA;AAClF,UAAI,CAACgC,mBAAmBA,gBAAgB5G,WAAW,GAAG;AACpD,eAAOM,QAAQC,OAAOC,MAAM,2CAAA,CAAA;MAC9B;AAEA,YAAMsK,uBAAuB,KAAKC,wBAAwBpC,WAAAA;AAC1D,YAAMqC,qBAAqB,MAAMjG,OAAOkG,mBAAmB;QACzD,GAAIH,wBAAwB;UAAE3K,SAAS2K,qBAAqB,UAAA;QAAY;QACxElE;QACAsE,gBAAgBrB;QAChB/G,QAAQ6F,YAAY7F;;QAEpBqI,yBAAyB;QACzB,GAAI,CAACxB,OAAO;UAAEO;QAAI;QAClBP;QACAH;QACA4B,SAAKhE,aAAAA,IAAAA;MACP,CAAA;AAEA,YAAMiE,aAAa;QACjBzG,IAAI+D,YAAYkC,6BAA6BjG;QAC7CgG,OAAOA,aAASrI,uBAAQqE,eAAAA;QACxB+B;QACAqC;MACF;AACA,aAAOM,sBAAsB;QAAEC,oBAAoBF;QAAYvO,QAAQ,KAAKA;MAAO,CAAA;IACrF,SAAS0O,OAAO;AACd,aAAOlL,QAAQC,OAAOiL,KAAAA;IACxB;EACF;EAEA,MAAc1N,gCAAgCgD,MAA8BX,SAA6C;AACvH,UAAM,EAAEsL,qBAAqBhG,QAAO,IAAK3E;AAEzC,QAAI,CAAC2E,SAAS;AACZ,aAAOnF,QAAQC,OAAOC,MAAM,4BAAA,CAAA;IAC9B;AAEA,QAAIiL,wBAAwB1L,UAAa0L,oBAAoBzL,WAAW,GAAG;AACzE,aAAOM,QAAQC,OAAOC,MAAM,sCAAA,CAAA;IAC9B;AAEA,QAAIuH,gBAAwB0D,oBAAoB,CAAA,EAAG1D;AACnD,QAAI2D,iBAAiBC,0CAA0BC;AAC/C,QAAI,CAAC7D,cAAc8D,YAAW,EAAGrJ,WAAW,MAAA,GAAS;AACnDkJ,uBAAiBC,0CAA0B3D;AAC3C,UAAID,cAAcvF,WAAW,MAAA,GAAS;AACpCuF,wBAAgB,IAAIC,IAAID,aAAAA,EAAeG;MACzC;IACF;AACA,UAAMvC,WAAiC;MACrCwB,OAAOsE,oBAAoB,CAAA,EAAG1D;MAC9B+D,QAAQC,+BAAeC;MACvBC,OAAO;QAACC,iCAAeC;;MACvBhE,YAAY;QACV/H,MAAMsL;QACN3D;MACF;MACA,GAAI2D,mBAAmBC,0CAA0B3D,OAAO;QACtDnC,YAAY;UACVzF,MAAMgM,+BAAeC;UACrBvG,QAAQ;YACNrD,UAAU;YACV6J,cAAc;YACdC,QAAQ;cAAC;;YACTtE,QAAQ;YACRuE,aAAa;YACbC,sCAAsC;YACtCC,kBAAkB;UACpB;QACF;MACF;IACF;AAEA,UAAMvM,QAAQoI,MAAMoE,KAAK3P,mBAAmBC,0BAA0B;MACpE2P,WAAWnH,QAAQb;MACnBe;IACF,CAAA;AACA3B,WAAOE,IAAI,kBAAkB6D,aAAAA,EAAe;AAE5C,WAAO5H,QAAQoI,MAAMsE,cAAc;MAAED,WAAWnH,QAAQb;MAAIe;IAAS,CAAA;EACvE;EAEA,MAAcxH,+BACZ2C,MACAX,SACoE;AACpE,UAAM,EAAE6E,gBAAgBS,QAAO,IAAK3E;AAGpC,UAAMgM,sBAAsBrH,SAASC,WAClC3C,OAAO,CAAC4C,aAAaA,SAASsG,MAAM5B,SAAS6B,iCAAeC,MAAM,CAAA,EAClEvJ,IAAI,CAAC+C,aAAaA,SAASwC,WAAWJ,aAAa,EAAE,CAAA;AAExD,QAAI+E,qBAAqB;AACvB,YAAMC,WAAW,MAAM5M,QAAQoI,MAAMyE,oBAAoB;QAAEjK,QAAQ;UAAC;YAAE+J;UAAoB;;MAAG,CAAA;AAC7F,UAAIC,SAAS/M,SAAS,GAAG;AACvB,eAAO+M,SAAS,CAAA,EAAGjG;MACrB;IACF;AAGA,QAAI,CAAC9B,gBAAgB;AACnB,aAAO1E,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,WAAOyM,6BAA6B;MAClCrF,SAAS5C,eAAe2C,0BAA0BC,WAAW,CAAA;MAC7DsF,mCAAmClI,eAAe2C;MAClDxH;IACF,CAAA;EACF;EAEA,MAAc/B,iCAAiC0C,MAA+BX,SAAyC;AACrH,UAAM,EAAEgN,gBAAgB1H,QAAO,IAAK3E;AACpC,QAAI,CAACqM,kBAAkBA,eAAenN,WAAW,KAAoCmN,eAAgB,CAAA,EAAGvI,IAAI;AAE1G;IACF;AAEA,QAAI,CAACa,SAAS;AACZ,aAAOnF,QAAQC,OAAOC,MAAM,4BAAA,CAAA;IAC9B;AAEA,UAAMsM,sBAAsBrH,SAASC,WAClC3C,OAAO,CAAC4C,aAAaA,SAASsG,MAAM5B,SAAS6B,iCAAeC,MAAM,CAAA,EAClEvJ,IAAI,CAAC+C,aAAaA,SAASwC,WAAWJ,aAAa,EAAE,CAAA;AAGxD,UAAMgF,WAAW,MAAM5M,QAAQoI,MAAMyE,oBAAoB;MAAEjK,QAAQ;QAAC;UAAE+J;QAAoB;;IAAG,CAAA;AAC7F,QAAIC,SAAS/M,SAAS,GAAG;AACvB;IACF;AAEA,UAAMG,QAAQoI,MAAM6E,oBAAoB;MACtCtG,gBAAgBqG;MAChBL;IACF,CAAA;EACF;EAEA,MAAc/O,oCAAoC+C,MAAkCX,SAAyD;AAC3I,UAAM,EAAEsL,qBAAqB9C,YAAW,IAAK7H;AAE7C,WAAO,MAAMR,QAAQmG,IACnBgF,oBAAoB7I,IAAI,CAAC2I,uBACvB8B,yBAAyB;MACvBC,kBAAkB/B;MAClB5L,8BAA8B,KAAKA;MACnC7C,QAAQ,KAAKA;MACbyQ,kBAAkB5E,aAAa4E;MAC/BpN;IACF,CAAA,CAAA,CAAA;EAGN;EAEA,MAAcnC,qCAAqC8C,MAAmCX,SAAyC;AAC7H,UAAM,EAAE+E,oBAAoBF,gBAAgBmB,qBAAqBsF,oBAAmB,IAAK3K;AAEzF,QAAIkE,mBAAmBjF,QAAW;AAChC,aAAOO,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B,WAAW2F,oBAAoBnG,WAAW,GAAG;AAC3CgE,aAAOC,QAAQ,uCAAuCe,eAAeiD,MAAM,EAAE;AAC7E;IACF;AAEA,QAAIuF,UAAU;AACd,eAAWnG,gBAAgBlB,qBAAqB;AAE9C,YAAMsH,WAAWpG;AACjB,YAAMuD,QACJa,oBACG1F,KAAK,CAAC2H,OAAOA,GAAG3F,kBAAkB0F,YAAYC,GAAGnC,mBAAmB3G,OAAO6I,YAAYC,GAAG9C,MAAMP,SAASoD,QAAAA,CAAAA,GACxG7C,OAAO7H,OAAO,CAAC3C,SAASA,QAAQ,sBAAA,KAA2B,CAAA;AAEjE,YAAM0G,iBAAwD5B,qBAAqBuI,QAAAA,KAAa,CAAA;AAChG,UAAI3G,eAAe9G,WAAW,GAAG;AAC/B,mBAAWI,QAAQwK,OAAO;AACxB,gBAAMmC,WAAW7H,qBAAqB9E,IAAAA,KAAS,CAAA;AAC/C,cAAI2M,SAAS/M,SAAS,GAAG;AACvB8G,2BAAeU,KAAI,GAAIuF,QAAAA;UACzB;QACF;MACF;AAEA,UAAIjG,kBAAkBA,eAAe9G,SAAS,GAAG;AAC/C,cAAMqL,aAAaI,oBAAoB1F,KACrC,CAAC4H,eACCA,WAAWpC,mBAAmB3G,OAAOyC,gBACrChC,KAAKoC,UAAUkG,WAAW/C,KAAK,MAAMvD,gBACrChC,KAAKoC,UAAUkG,WAAW/C,MAAM7H,OAAO,CAAC6K,SAASA,SAAS,sBAAA,CAAA,MAA6BvI,KAAKoC,UAAUmD,KAAAA,KACtGa,oBAAoB+B,OAAAA,CAAQ;AAEhCA;AACA,cAAMrN,QAAQoI,MAAMsF,wBAAwB;UAC1CC,YAAQC,gCAAiB1C,WAAW2C,uBAAuB;UAC3DlB,qBAAqB,IAAI9E,IAAIhD,eAAeiD,MAAM,EAAEC;UACpDpB;QACF,CAAA;AACA9C,eAAOE,IACL,kCAAkCc,eAAeiD,MAAM,aAAaZ,YAAAA,wBAAoCP,eAAelE,IAAI,CAACqL,MAAMA,EAAE/H,MAAM,EAAEK,KAAK,GAAA,CAAA,EAAM;MAE3J,OAAO;AACLvC,eAAOC,QAAQ,4CAA4Ce,eAAeiD,MAAM,aAAaZ,YAAAA,EAAc;MAC7G;IACF;EACF;EAEA,MAAcpJ,8BAA8B6C,MAA4BX,SAAyC;AAC/G,aAAS+N,QAAQC,OAAc;AAC7B,YAAMC,OAAOD,OAAOC,KAAAA;AACpB,UAAIA,SAAS,IAAI;AACf,eAAOrO;MACT;AACA,aAAOqO;IACT;AANSF;AAQT,UAAM,EAAEzC,qBAAqBjG,uBAAuBX,sBAAsBG,gBAAgBmB,oBAAmB,IAAKrF;AAClH,UAAMuN,2BAA2B5C,oBAAoB,CAAA;AAErD,QAAItF,uBAAuBA,oBAAoBnG,SAAS,GAAG;AACzDgE,aAAOwH,MAAM,mCAAmCrF,oBAAoBI,KAAK,IAAA,CAAA,iDAAsD;IACjI;AAGA,UAAMoC,cAAc7H,KAAK6H,eAAe0F,yBAAyB9C,mBAAmB5C;AACpF,QAAI,CAACA,eAAe,CAACA,YAAYR,YAAY;AAC3C,aAAO7H,QAAQC,OAAOC,MAAM,mEAAA,CAAA;IAC9B;AACA,UAAM,EAAE8N,WAAWC,OAAM,IAAK5F,YAAYR;AAE1C,QAAIqG,UAAU;AACd,UAAMC,uBAAuBJ,yBAAyBK;AAEtD,UAAMC,iBAAiBN,yBAAyB9C,mBAAmBP,mBAAmB4D;AACtF,UAAMC,kBAAkBR,yBAAyBS;AACjD,UAAMC,uBAAuB/J,gBAAgB2C,0BAA0BqH;AACvE,QAAIC,mBAKYlP;AAChB,QAAI,CAACgP,sBAAsB;AACzB/K,aAAOE,IAAI,yCAAyCc,gBAAgBiD,MAAAA,mCAAyC;IAC/G,WAAW8G,wBAAwB,CAACJ,gBAAgB;AAClD3K,aAAOC,QACL,iEAAiE8K,oBAAAA,YAAgCJ,cAAAA,qDAAmE3J,gBAAgBiD,MAAAA,EAAQ;IAEhM,WAAW8G,wBAAwBJ,gBAAgB;AACjD3K,aAAOE,IAAI,mBAAmByK,cAAAA,4CAA0DI,oBAAAA,EAAsB;AAC9G,UAAI7O,QAAQ;AACZ,UAAI8C,MAAMqG,QAAQwF,iBAAiBK,6BAAAA,GAAgC;AAEjEhP,gBAAQ2O,gBAAgBK,8BAA8B7E,SAAS,mCAAA,IAC3D,sCACA;AACJrG,eAAOE,IAAI,qDAAqDhE,KAAAA;AAEhE,cAAMiP,WAAWC,8BAA8Bf,yBAAyB9C,mBAAmBP,kBAAkB;AAC7G,cAAMqE,kBAAkBC,mCAAiBC,8BAA8BJ,UAAU;UAAErS,QAAQ,KAAKA,UAAUgD;QAAc,CAAA;AACxH0P,gBAAQtL,IAAI,eAAemL,gBAAgBjP,IAAI,KAAKiP,gBAAgBvM,MAAM,EAAE;AAG5E,YAAImF;AAEJ,YAAIqH,mCAAiBG,mCAAmCJ,eAAAA,GAAkB;AACxEpH,mBAASiG,QAAQmB,gBAAgBK,SAASC,GAAAA;QAC5C,WAAWL,mCAAiBM,iCAAiCP,eAAAA,GAAkB;AAC7EpH,mBACEiG,QAAQmB,gBAAgBhE,YAAYsE,GAAAA;UAEpCzB,QAAQmB,gBAAgBhE,YAAYwE,mBAAmBjL,EAAAA,KACvDsJ,QAAQ,KAAK4B,2BAA2BT,eAAAA,CAAAA;QAC5C,WAAWC,mCAAiBS,wBAAwBV,eAAAA,GAAkB;AACpE,iBAAO/O,QAAQC,OAAOC,MAAM,wBAAA,CAAA;QAC9B;AAEA,YAAI,CAACyH,QAAQ;AACXA,mBAASiG,QAAQO,qBAAqBoB,mBAAmBjL,EAAAA;QAC3D;AACA,YAAI,CAACqD,UAAUzC,uBAAuB0E,KAAK1H,WAAW,MAAA,GAAS;AAC7DyF,uBAAS+H,4BAASxK,uBAAuB0E,GAAAA,EAAKF;QAChD;AACA,YAAI,CAAC/B,UAAUzC,uBAAuBmE,KAAKO,KAAK1H,WAAW,MAAA,GAAS;AAClEyF,uBAAS+H,4BAASxK,sBAAuBmE,IAAKO,GAAG,EAAGF;QACtD;AACA,YAAI,CAAC/B,UAAUzC,uBAAuB/C,UAAU;AAC9CwF,mBAASiG,QAAQ1I,sBAAsB/C,QAAQ;QACjD;AACA,YAAI,CAACwF,UAAUzC,uBAAuByK,qBAAqB;AACzD,gBAAMC,iBAAaC,0BAAU3K,sBAAsByK,oBAAoBG,YAAY;AACnFnI,mBAASiI,WAAWG,QAAQV;QAC9B;AACA,YAAI,CAAC1H,UAAUoG,yBAAyB9C,mBAAmB5C,YAAYR,YAAY;AACjF,gBAAMmI,aAAa,MAAMnQ,QAAQoI,MAAMgI,qBAAqBlC,yBAAyB9C,mBAAmB5C,YAAYR,UAAU;AAC9HF,mBAASqI,WAAWrI;QACtB;AAEA,YAAI,CAACA,QAAQ;AACX,gBAAMzH,MAAM,8EAA8E;QAC5F;AACAwD,eAAOE,IAAI,8CAA8C+D,MAAAA,EAAQ;AAEjE,cAAMuI,yBAAyBnB,gBAAgBK;AAC/C,YAAIe,cAAqC;AACzC,YAAIpB,gBAAgBvM,OAAOuH,SAAS,KAAA,KAAU,CAACgF,gBAAgBvM,OAAOuH,SAAS,UAAA,GAAa;AAC1FmG,iCAAuBE,MAAMzI;AAC7BwI,wBAAc;QAChB;AACA,YAAI,YAAYD,0BAA0B,EAAE,SAASA,yBAAyB;AAC5EA,iCAAuBvI,SAASA;QAClC;AACA,YAAI,SAASuI,wBAAwB;AACnCA,iCAAuBb,MAAM1H;QAC/B;AACA,YAAI,uBAAuBuI,0BAA0B,CAACxN,MAAMqG,QAAQmH,uBAAuBX,iBAAiB,GAAG;AAC7GW,iCAAuBX,kBAAkBjL,KAAKqD;QAChD;AACA,YAAI,QAAQuI,wBAAwB;AAClC,cAAIA,uBAAuBG,GAAGd,mBAAmB;AAC/CW,mCAAuBG,GAAGd,kBAAkBjL,KAAKqD;UACnD;AACAuI,iCAAuBG,GAAG1I,SAASA;AACnC,iBAAOuI,uBAAuBG,GAAGC;AACjC,iBAAOJ,uBAAuBG,GAAGE;QACnC;AACA,eAAOL,uBAAuBI;AAC9B,eAAOJ,uBAAuBK;AAC9B,eAAOL,uBAAuBM;AAE9B9M,eAAOE,IAAI,yDAAyDuM,WAAAA,KAAgBD,sBAAAA;AACpF,cAAMO,WAAW,MAAM5Q,QAAQoI,MAAMyI,2BAA2B;UAC9D3F,YAAa,QAAQmF,yBAAyBA,uBAAuBG,KAAKH;UAC1ES,qBAAqB;UACrBC,MAAM;UACNT;QACF,CAAA;AACA,YAAI,CAACM,UAAU;AACb,gBAAMvQ,MAAM,mDAAmD;QACjE;AACAwD,eAAOE,IAAI,UAAU6M,SAAS9I,MAAM,kCAAkC8I,SAASnM,EAAE,IAAImM,QAAAA;AACrF9B,2BAAmBK,mCAAiB6B,iCAAiCJ,QAAAA;AACrEvC,kBAAUtO,UAAU;MACtB;AAEA,YAAMkR,sBAA2C;QAC/CxC,iBAAiBD;QACjB,GAAIM,oBAAoB;UAAE5D,YAAY4D;QAAiB;QACvD/O;MACF;AAEA,YAAM,KAAKhC,8BACT;QACEsH;QACA6L,QAAQ7C;QACR/C;QACA5G;QACAuM;QACApM;MACF,GACA7E,OAAAA;IAEJ;AACA,UAAMmR,oBAAoBrC,mBACtBK,mCAAiB6B,iCAAiClC,gBAAAA,IAClDZ,yBAAyBL;AAC7B,QAAI,CAACQ,WAAWS,kBAAkB;AAChCjL,aAAOE,IAAI,mGAAmG;IAChH,OAAO;AACLF,aAAOE,IAAI,yBAAyBoN,iBAAAA;AAEpC,YAAMrJ,SAASqH,mCAAiBiC,kCAAkC9C,qBAAqBxG,MAAM;AAC7F,YAAM,CAACuJ,wBAAwBC,oBAAAA,IAAwB,KAAKC,4BAA4B/I,YAAYR,YAAYF,MAAAA;AAEhH,YAAM0J,sBAAsB,MAAMxR,QAAQoI,MAAMqJ,iBAAiB;QAC/DvG,YAAY;UACVwG,iBAAaC,mCAAkBR,iBAAAA;UAC/BhD;UACAyD,kBAAkBxD;UAClByD,gBAAgB9F,iCAAe+F;UAC/BC,uBAAuBjK,QAAQzF,WAAW,MAAA,IAAU2P,0CAA0BvG,MAAMuG,0CAA0BnK;UAC9G8E,qBAAqB7E;UACrBuJ;UACAC;QACF;MACF,CAAA;AACA,YAAMtR,QAAQoI,MAAMoE,KAAK3P,mBAAmBE,mBAAmB;QAC7DmO,YAAYsG;QACZ7D,QAAQ6D,oBAAoBS;MAC9B,CAAA;IACF;EACF;EAEA,MAAclU,8BAA8B4C,MAA4BX,SAAyC;AAC/G,UAAM,EAAE6E,gBAAgBoM,qBAAqB5L,sBAAqB,IAAK1E;AACvE,UAAMiO,uBAAuB/J,gBAAgB2C,0BAA0BqH;AACvE,QAAI,CAACD,sBAAsB;AACzB;IACF,WAAW,CAACvJ,uBAAuB;AACjC,aAAOlF,QAAQC,OAAOC,MAAM,4CAAA,CAAA;IAC9B,WAAW,CAAC4Q,qBAAqB;AAC/B,aAAO9Q,QAAQC,OAAOC,MAAM,8BAAA,CAAA;IAC9B;AAEAwD,WAAOE,IAAI,6BAA6B6K,oBAAAA,IAAwBqC,mBAAAA;AAEhE,UAAMrM,SAAS,MAAMsN,wCAAiB9O,UAAU;MAAEC,OAAOgC;IAAsB,CAAA;AAC/E,UAAMT,OAAOjD,iBAAiB;MAAEiN;IAAqB,GAAGqC,qBAAqB5L,uBAAuByK,qBAAqBG,YAAAA;AACzHpM,WAAOE,IAAI,mBAAmB6K,oBAAAA,sBAA0C;EAC1E;EAEA,MAAchN,mBAAmBjB,MAA8BX,SAAkD;AAC/G,UAAM,EAAEiC,aAAa4C,gBAAgBsN,aAAY,IAAKxR;AAEtD,QAAIwR,aAAatS,WAAW,GAAG;AAC7B,aAAOM,QAAQC,OAAOC,MAAM,wBAAA,CAAA;IAC9B;AAEA,QAAI,CAAC4B,aAAaC,KAAK;AACrB,aAAO/B,QAAQC,OAAOC,MAAM,gCAAA,CAAA;IAC9B;AAEA,QAAI,CAACwE,gBAAgB;AACnB,aAAO1E,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,UAAM+R,MAAM,IAAIvK,IAAI5F,aAAaC,GAAAA;AACjC,UAAMmQ,SAAS,IAAIC,gBAAgBF,IAAIG,MAAM;AAC7C,UAAMC,mBAAmBH,OAAOI,IAAI,mBAAA;AACpC,UAAMC,mBAAmBF,oBAAoB3N,eAAeiD;AAC5D,QAAI4K,iBAAiBrQ,WAAW,SAAA,GAAY;AAC1CgN,cAAQsD,KAAK,4EAA4EP,IAAIQ,SAAQ,CAAA,GAAK;AAE1G,aAAO,CAAA;IACT;AAEA,UAAMC,SAAS,MAAM7S,QAAQoI,MAAM0K,wCAAwC;MACzE1E,QAAQ;MACR+D;MACAnK,YAAY0K;IACd,CAAA;AAEA,WAAOG,OAAOE;EAChB;EAEA,MAAc3V,+BAA+BuD,MAA6BX,SAA2D;AACnI,UAAM,EAAE8H,QAAQkL,kBAAkB,KAAI,IAAKrS;AAC3C,WAAOsS,sCAAeC,oBAAoBpL,QAAQ;MAAEkL;IAAgB,CAAA;EACtE;EAEQzB,4BAA4BvJ,YAA2CF,QAAqD;AAClI,YAAQE,WAAWoG,QAAM;MACvB,KAAK;AACH,gBAAI+E,+CAA0BnL,UAAAA,SAAe4B,kDAA6B5B,UAAAA,GAAa;AACrF,iBAAO;YAACgK,0CAA0BvG;YAAKzD,WAAW6B;;QACpD,eAAWuJ,gDAA2BpL,UAAAA,GAAa;AACjD,iBAAO;YAACgK,0CAA0BvG;YAAK,OAAOzD,WAAWA,eAAe,WAAWA,WAAWA,aAAaA,WAAWA,WAAW6B;;QACnI;AACA;MACF,KAAK;AACH,gBAAIsJ,+CAA0BnL,UAAAA,SAAeqL,kDAA6BrL,UAAAA,GAAa;AACrF,iBAAO;YAACgK,0CAA0BsB;YAAKtL,WAAW+B;;QACpD,eAAWqJ,gDAA2BpL,UAAAA,GAAa;AACjD,iBAAO;YAACgK,0CAA0BsB;YAAKtL,WAAWA;;QACpD;AACA;MACF,KAAK;AACH,gBAAImL,+CAA0BnL,UAAAA,SAAeuL,kDAA6BvL,UAAAA,GAAa;AACrF,iBAAO;YAACgK,0CAA0BwB;YAAUxL,WAAWyL,IAAIrN,KAAK,MAAA;;QAClE,eAAWsN,gDAA2B1L,UAAAA,GAAa;AACjD,iBAAO;YAACgK,0CAA0BwB;YAAUxL,WAAWA,WAAW5B,KAAK,MAAA;;QACzE;AACA;IACJ;AACA,WAAO;MAAC4L,0CAA0BnK;MAAKC;;EACzC;EAEQ6H,2BAA2BT,iBAAqE;AACtG,QAAIrM,MAAMqG,QAAQgG,gBAAgBhE,YAAYwE,iBAAAA,GAAoB;AAChE,UAAIR,gBAAgBhE,YAAYwE,kBAAkB7P,SAAS,GAAG;AAC5D,eAAOqP,gBAAgBhE,YAAYwE,kBAAkB,CAAA,EAAGjL;MAC1D;IACF,OAAO;AACL,aAAOyK,gBAAgBhE,YAAYwE,mBAAmBjL;IACxD;AACA,WAAO7E;EACT;EAEQgL,wBAAwBpC,aAAuF;AACrH,QAAIA,YAAY7F,UAAU,YAAY6F,YAAY7F,UAAU,kBAAkB;AAC5E,aAAQ6F,YAA2EmL;IACrF;AACA,WAAO/T;EACT;AACF;;;ASzsCA,IAAAgU,oBAA6C;AAG7C,IAAMC,UAASC,0BAAQC,QAAQC,QAAQ,2BAA2B;EAAEC,iBAAiBC,2BAASC;EAAOC,SAAS;IAACC,4BAAUC;;AAAS,CAAA,EAAGC,IACnI,yBAAA;AAGK,IAAMC,+BAA+B,wBAC1CC,cAAAA;AAEA,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,QAAIA,MAAMC,OAAOC,SAAS,YAAY;AACpChB,MAAAA,QAAOiB,MAAM,8CAAA;AAGb;IACF;AACAjB,IAAAA,QAAOkB,KAAK,6BAA6BC,KAAKC,UAAUN,MAAMO,KAAK,CAAA,EAAG;AAEtE,QAAI,CAACT,aAAaA,UAAUU,SAAS,GAAG;AACtCtB,MAAAA,QAAOkB,KAAK,0CAA0CC,KAAKC,UAAUN,MAAMO,KAAK,CAAA,EAAG;AACnF;IACF;AAEA,eAAW,CAACE,UAAUC,QAAAA,KAAaZ,WAAW;AAC5C,UAAIE,MAAMW,QAAQF,QAAAA,GAAW;AAC3BvB,QAAAA,QAAO0B,IAAI,iCAAiCP,KAAKC,UAAUN,MAAMO,KAAK,CAAA,mBAAoB;AAC1F,cAAMG,SAASX,gBAAgBC,KAAAA,EAC5Ba,KAAK,MAAM3B,QAAO0B,IAAI,sCAAsCP,KAAKC,UAAUN,MAAMO,KAAK,CAAA,EAAG,CAAA,EACzFO,MAAM,CAACC,UAAAA;AACN7B,UAAAA,QAAO6B,MACL,wCAAwCV,KAAKC,UAAUN,MAAMO,KAAK,CAAA,YAAaF,KAAKC,UAAUS,OAAOC,OAAAA,CAAAA,KAAaX,KAAKC,UAAUN,MAAMiB,KAAK,CAAA,EAAG;AAEjJ,cAAIF,MAAMG,OAAO;AACfhC,YAAAA,QAAO6B,MAAMA,MAAMG,KAAK;UAC1B;QACF,CAAA;AACF;MACF;IACF;EACF;AACF,GAlC4C;;;ACP5C,IAAAC,yBAAsC;AACtC,IAAAC,yBAA+G;AAC/G,IAAAC,kBAA0D;AAC1D,IAAAA,kBAAsF;AAQ/E,IAAMC,2BAAN,cAAuCC,mCAAAA;EAX9C,OAW8CA;;;EAC3BC;EACAC;EACAC;EACAC;EACAC;EACAC;EACAC;EACAC;EAEjB,YACEC,MASA;AACA,UAAM;MAAE,GAAGA;MAAMC,IAAI;IAAgB,CAAA;AACrC,SAAKJ,2BAA2BG,KAAKH;AACrC,SAAKC,aAAaE,KAAKF;AACvB,SAAKN,UAAUQ,KAAKR;AACpB,SAAKI,aAAaI,KAAKJ,cAAc;AACrC,SAAKD,4BAA4BK,KAAKL,8BAA8B;AACpE,SAAKF,0BAA0BO,KAAKP;AACpC,SAAKC,oCAAoCM,KAAKN;AAC9C,SAAKK,eAAeC,KAAKD;EAC3B;EAEA,MAAMG,OACJC,KACAC,MAOe;AACf,UAAMC,MAAM,IAAIC,IAAIH,GAAAA,EAAKI,SAAQ;AACjC,UAAMC,gBAAYC,+CAAuBJ,GAAAA;AACzC,UAAMK,UAAU,UAAUF,aAAa,CAAC,CAACA,UAAUG,QAAQ,EAAE,YAAYH;AACzE,UAAMG,OAAOD,UAAWF,UAAUG,OAAkBC;AACpD,UAAMd,aAAa;MAAE,GAAG,KAAKA;MAAY,GAAGM,MAAMN;IAAW;AAC7D,UAAMe,iBAAiB,MAAM,KAAKrB,QAAQsB,MAAMC,mCAAmC;MACjFC,aAAa;;QAEX,GAAI,CAACN,WAAW;UAAEO,iBAAiB,MAAMC,6CAAsBC,QAAQd,GAAAA;QAAK;QAC5E,GAAIK,WAAW;UAAEC;QAAW;QAC5BS,+BAA+BhB,MAAMgB;QACrCC,UAAUjB,MAAMiB;QAChBhB;MACF;MACAN,cAAc,KAAKA;MACnBF,0BAA0B;QAAE,GAAG,KAAKA;QAA0B,GAAGO,MAAMP;MAAyB;MAChG,IAAKC,WAAWwB,YAAYxB,WAAWyB,wBAAwB;QAAEzB;MAAwD;MACzHL,yBAAyB,KAAKA;MAC9BC,mCAAmC,KAAKA;MACxCE,YAAY,KAAKA;IACnB,CAAA;AAEA,UAAM4B,cAAcX,eAAeW;AAEnC,QAAI,CAACpB,MAAMqB,gBAAgB,KAAKjC,QAAQsB,MAAMY,iBAAgB,EAAGC,SAAS,yBAAA,GAA4B;AACpG,YAAMC,YAAYlB,UAAU,aAAa;AACzC,gBAAMmB,0CAAyB;QAC7BD;QACAJ;QACAhC,SAAS,KAAKA;QACdsC,0BAA0B;QAC1BC,qBAAqB;QACrBC,gBAAgB;QAChBC,gBAAgB,KAAKtC;MACvB,CAAA;IACF,OAAO;AAEL6B,kBAAYU,MAAM9B,MAAMqB,YAAAA;IAC1B;AAEA,QAAIf,SAAS;AACXc,kBAAYW,KAAKC,qBAAqBC,qCAAqC;QAAEC,MAAMjC;MAAI,CAAA;IACzF;EACF;AACF;","names":["module","module","import_oid4vci_client","import_oid4vci_common","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_types","import_utils","import_uuid","OID4VCIHolderEvent","SupportedLanguage","OID4VCIMachineStates","OID4VCIMachineAddContactStates","OID4VCIMachineVerifyPinStates","OID4VCIMachineEvents","OID4VCIMachineGuards","OID4VCIMachineServices","RequestType","IdentifierAliasEnum","Localization","translationGetters","SupportedLanguage","ENGLISH","require","DUTCH","translate","memoize","key","config","Object","keys","i18n","translations","length","locale","findSupportedLanguage","t","JSON","stringify","language","values","undefined","getLocale","FirstPartyMachineStateTypes","FirstPartyMachineServices","FirstPartyMachineEvents","oid4vciHasNoContactGuard","_ctx","_event","contact","undefined","oid4vciHasContactGuard","oid4vciContactHasLowTrustGuard","trustedAnchors","length","oid4vciCredentialsToSelectRequiredGuard","credentialToSelectFrom","oid4vciRequirePinGuard","requestData","credentialOffer","userPinRequired","oid4vciHasNoContactIdentityGuard","credentialsToAccept","toAcceptId","correlationId","match","URL","hostname","identities","some","identity","identifier","oid4vciVerificationCodeGuard","verificationCode","oid4vciCreateContactGuard","contactAlias","hasContactConsent","oid4vciHasSelectedCredentialsGuard","selectedCredentials","oid4vciIsOIDFOriginGuard","trustAnchors","oid4vciNoAuthorizationGuard","ctx","oid4vciHasAuthorizationResponse","oid4vciRequireAuthorizationGuard","openID4VCIClientState","Error","authorizationURL","authorizationRequestOpts","authorizationCodeResponse","supportedFlows","includes","AuthzFlowType","AUTHORIZATION_CODE_FLOW","PRE_AUTHORIZED_CODE_FLOW","endpointMetadata","credentialIssuerMetadata","authorization_endpoint","oid4vciIsFirstPartyApplication","serverMetadata","authorization_challenge_endpoint","createOID4VCIMachine","opts","initialContext","accessTokenOpts","walletType","issuanceOpt","didMethodPreferences","locale","credentialsSupported","createMachine","id","machineName","predictableActionArguments","initial","OID4VCIMachineStates","start","schema","events","guards","services","context","states","invoke","src","OID4VCIMachineServices","onDone","target","createCredentialsToSelectFrom","actions","assign","credentialBranding","data","oid4vciClientState","onError","handleError","error","title","translate","message","stack","getContact","getIssuerBranding","getFederationTrust","cond","OID4VCIMachineGuards","isOIDFOriginGuard","issuerBranding","transitionFromSetup","always","addContact","hasNoContactGuard","reviewContact","contactHasLowTrustGuard","selectCredentials","credentialsToSelectRequiredGuard","startFirstPartApplicationFlow","isFirstPartyApplication","prepareAuthorizationRequest","requireAuthorizationGuard","verifyPin","requirePinGuard","getCredentials","on","OID4VCIMachineEvents","SET_AUTHORIZATION_CODE_URL","authorizationCodeURL","OID4VCIMachineAddContactStates","idle","SET_CONTACT_CONSENT","SET_CONTACT_ALIAS","CREATE_CONTACT","next","createContactGuard","DECLINE","declined","PREVIOUS","aborted","storeIssuerBranding","hasContactGuard","NEXT","transitionFromContactSetup","FirstPartyMachineStateTypes","toAuthorizationResponsePayload","SET_SELECTED_CREDENTIALS","transitionFromSelectingCredentials","hasSelectedCredentialsGuard","initiateAuthorizationRequest","INVOKED_AUTHORIZATION_CODE_REQUEST","waitForAuthorizationResponse","PROVIDE_AUTHORIZATION_CODE_RESPONSE","hasAuthorizationResponse","OID4VCIMachineVerifyPinStates","SET_VERIFICATION_CODE","verificationCodeGuard","verifyCredentials","exit","assertValidCredentials","transitionFromWalletInput","addContactIdentity","hasNoContactIdentityGuard","reviewCredentials","addIssuerBrandingAfterIdentity","push","storeCredentialBranding","storeCredentials","done","type","OID4VCIMachine","newInstance","interpreter","interpret","withConfig","subscription","onTransition","requireCustomNavigationHook","stateNavigationListener","snapshot","import_oid4vci_client","import_oid4vci_common","import_ssi_sdk_ext","import_xstate","import_oid4vci_common","sendAuthorizationChallengeRequest","args","openID4VCIClientState","authSession","presentationDuringIssuanceSession","oid4vciClient","OpenID4VCIClient","fromState","state","acquireAuthorizationChallengeCode","clientId","uuidv4","credentialOffer","preAuthorizedCode","issuerState","createConfig","context","presentationUri","Promise","reject","Error","agent","siopCreateConfig","url","getSiopRequest","didAuthConfig","undefined","siopGetSiopRequest","sendAuthorizationResponse","authorizationRequestData","selectedCredentials","responseData","siopSendResponse","isFirstParty","body","presentation_during_issuance_session","firstPartyMachineStates","FirstPartyMachineStateTypes","sendAuthorizationChallengeRequest","id","invoke","src","FirstPartyMachineServices","onDone","target","done","actions","assign","authorizationCodeResponse","_ctx","_event","data","onError","createConfig","cond","error","AuthorizationChallengeError","insufficient_authorization","authSession","auth_session","presentationUri","presentation","title","translate","message","stack","getSiopRequest","didAuthConfig","selectCredentials","authorizationRequestData","on","FirstPartyMachineEvents","SET_SELECTED_CREDENTIALS","selectedCredentials","NEXT","sendAuthorizationResponse","DECLINE","declined","PREVIOUS","aborted","presentationDuringIssuanceSession","type","createFirstPartyActivationMachine","opts","initialContext","openID4VCIClientState","contact","createMachine","machineId","predictableActionArguments","initial","context","states","schema","events","services","FirstPartyMachine","_instance","hasInstance","undefined","instance","Error","clearInstance","stop","stopInstance","newInstance","agentContext","args","newInst","interpret","withConfig","guards","subscription","onTransition","requireCustomNavigationHook","snapshot","stateNavigationListener","getInstance","requireExisting","oid4vciGetCredentialBrandingFrom","args","credentialDisplay","issuerCredentialSubject","oid4vciCombineDisplayLocalesFrom","issuerCredentialSubjectLocales","oid4vciIssuerCredentialSubjectLocalesFrom","credentialDisplayLocales","oid4vciCredentialDisplayLocalesFrom","reduce","localeDisplays","display","localeKey","locale","set","Map","localeClaims","processClaimObject","claim","parentKey","Object","entries","forEach","key","value","Array","isArray","name","has","get","push","oid4vciCredentialLocaleBrandingFrom","alias","logo","url","uri","alt_text","alt","description","text_color","text","color","background_image","background_color","background","image","locales","from","Set","keys","Promise","all","map","claims","length","sdJwtGetCredentialBrandingFrom","claimsMetadata","sdJwtCombineDisplayLocalesFrom","sdJwtCredentialClaimLocalesFrom","sdJwtCredentialDisplayLocalesFrom","lang","label","path","String","join","sdJwtCredentialLocaleBrandingFrom","rendering","simple","issuerLocaleBrandingFrom","issuerDisplay","dynamicRegistrationClientMetadata","client_name","logo_uri","client_uri","clientUri","tos_uri","tosUri","policy_uri","policyUri","contacts","getCredentialBranding","args","credentialsSupported","context","credentialBranding","Promise","all","Object","entries","map","configId","credentialsConfigSupported","sdJwtTypeMetadata","format","vct","startsWith","agent","fetchSdJwtTypeMetadataFromVctUrl","mappedLocaleBranding","sdJwtGetCredentialBrandingFrom","credentialDisplay","display","claimsMetadata","claims","oid4vciGetCredentialBrandingFrom","issuerCredentialSubject","undefined","credentialSubject","localeBranding","ibCredentialLocaleBrandingFrom","defaultCredentialType","configSupportedTypes","getTypesFromCredentialSupported","credentialTypes","length","asArray","filteredCredentialTypes","filter","type","getBasicIssuerLocaleBranding","dynamicRegistrationClientMetadata","issuerDisplay","branding","issuerLocaleBrandingFrom","ibIssuerLocaleBrandingFrom","getCredentialConfigsBasedOnFormatPref","vcFormatPreferences","credentials","prefConfigs","forEach","key","config","result","pref","toLowerCase","includes","selectCredentialLocaleBranding","locale","find","verifyCredentialToAccept","mappedCredential","hasher","onVerifyEBSICredentialIssuer","schemaValidation","credential","extractCredentialFromResponse","credentialToAccept","credentialResponse","wrappedVC","CredentialMapper","toWrappedVerifiableCredential","defaultHasher","decoded","iss","vc","issuer","existingInstanceId","cvVerifySchema","validationPolicy","JSON","stringify","source","error","subResults","wrappedVc","e","message","verificationResult","cvVerifyCredential","fetchRemoteContexts","policies","credentialStatus","expirationDate","issuanceDate","reject","Error","translate","mapCredentialToAccept","verifiableCredential","wrappedVerifiableCredential","uniformVerifiableCredential","isSdJwtDecodedCredential","sdJwtDecodedCredentialToUniformCredential","isSdJwtEncoded","asyncHasher","data","algorithm","resolve","decodedSdJwt","decodeSdJwtVcAsync","isMsoMdocDecodedCredential","mdocDecodedCredentialToUniformCredential","correlationId","decodedPayload","id","types","rawVerifiableCredential","credential_subject_issuance","Array","isArray","getIdentifierOpts","issuanceOpt","identifier","identifierArg","isManagedIdentifierResult","supportedPreferredDidMethod","supportedBindingMethods","keyType","kms","keyManagerGetDefaultKeyManagementSystem","isIIdentifier","identifierManagedGet","method","managedIdentifierToJwk","join","agentContext","created","getOrCreatePrimaryIdentifier","createOpts","options","use","KeyUse","Signature","codecName","identifierManagedGetByDid","offlineWhenNoDIDRegistered","did","emit","OID4VCIHolderEvent","IDENTIFIER_CREATED","keyManagerCreate","meta","keyAlias","Date","now","kmsKeyRef","kid","getCredentialConfigsSupportedMerged","getCredentialConfigsSupported","supported","configurationIds","getCredentialConfigsSupportedBySingleTypeOrId","configurationId","configs","keys","client","createIdFromTypes","getTypesFromObject","allSupported","getCredentialsSupported","fromEntries","credentialOffer","offerSupported","getSupportedCredentials","version","issuerMetadata","endpointMetadata","credentialIssuerMetadata","credentialConfigsSupported","LOG","warning","getIssuer","credential_offer","credentialsToOffer","credential_configuration_ids","getIssuanceOpts","didMethodPreferences","jwtCryptographicSuitePreferences","jsonldCryptographicSuitePreferences","forceIssuanceOpt","values","credentialSupported","cryptographicSuite","getIssuanceCryptoSuite","didMethod","methods","getIssuanceMethod","console","log","push","isEBSI","keyTypeFromCryptographicSuite","crv","clientId","isManagedIdentifierDidResult","opts","cryptographic_binding_methods_supported","didMethods","warn","SupportedDidMethodEnum","DID_KEY","signing_algs_supported","proof_types_supported","jwt","proof_signing_alg_values_supported","ldp_vp","cwt","credential_signing_alg_values_supported","supportedPreferences","suite","JoseSignatureAlgorithm","ES256","fallback","startFirstPartApplicationMachine","openID4VCIClientState","stateNavigationListener","contact","firstPartyMachineInstance","FirstPartyMachine","newInstance","onTransition","state","matches","FirstPartyMachineStateTypes","done","authorizationCodeResponse","aborted","declined","start","oid4vciHolderContextMethods","logger","Loggers","DEFAULT","get","signCallback","identifier","context","nonce","jwt","kid","noIssPayloadUpdate","resolution","agent","identifierManagedGet","jwk","header","method","undefined","issuer","payload","iss","Promise","reject","Error","JSON","stringify","console","log","jwtCreateJwsCompactSignature","protectedHeader","OID4VCIHolder","hasher","eventTypes","OID4VCIHolderEvent","CONTACT_IDENTITY_CREATED","CREDENTIAL_STORED","IDENTIFIER_CREATED","methods","oid4vciHolderStart","bind","oid4vciHolderGetIssuerMetadata","oid4vciHolderGetMachineInterpreter","oid4vciHolderPrepareAuthorizationRequest","oid4vciHolderCreateCredentialsToSelectFrom","oid4vciHolderGetContact","oid4vciHolderGetCredentials","oid4vciHolderGetCredential","oid4vciHolderAddContactIdentity","oid4vciHolderAssertValidCredentials","oid4vciHolderStoreCredentialBranding","oid4vciHolderStoreCredentials","oid4vciHolderSendNotification","oid4vciHolderGetIssuerBranding","oid4vciHolderStoreIssuerBranding","vcFormatPreferences","jsonldCryptographicSuitePreferences","didMethodPreferences","SupportedDidMethodEnum","DID_JWK","DID_KEY","DID_OYD","DID_EBSI","DID_ION","jwtCryptographicSuitePreferences","JoseSignatureAlgorithm","ES256","ES256K","EdDSA","DEFAULT_MOBILE_REDIRECT_URI","DefaultURISchemes","CREDENTIAL_OFFER","defaultAuthorizationRequestOpts","redirectUri","onContactIdentityCreated","onCredentialStored","onIdentifierCreated","onVerifyEBSICredentialIssuer","options","defaultAuthorizationRequestOptions","defaultHasher","undefined","length","onEvent","event","context","type","data","Promise","reject","Error","opts","authorizationRequestOpts","services","OID4VCIMachineServices","start","args","startFirstPartApplicationFlow","startFirstPartApplicationMachine","stateNavigationListener","firstPartyStateNavigationListener","createCredentialsToSelectFrom","prepareAuthorizationRequest","getContact","getCredentials","accessTokenOpts","addContactIdentity","getIssuerBranding","storeIssuerBranding","assertValidCredentials","storeCredentialBranding","storeCredentials","sendNotification","getFederationTrust","oid4vciMachineInstanceArgs","interpreter","OID4VCIMachine","newInstance","requestData","uri","authorizationDetails","asArray","startsWith","clientId","formats","authFormats","map","detail","format","filter","Array","from","Set","oid4vciClient","offer","existingClientState","OpenID4VCIClientV1_0_15","fromState","state","credentialOffer","RequestType","OPENID_INITIATE_ISSUANCE","OPENID_CREDENTIAL_OFFER","match","CredentialOfferClient","fromURI","logger","warning","log","fromCredentialIssuer","credentialIssuer","authorizationRequest","createAuthorizationRequestURL","configurationIds","original_credential_offer","credential_configuration_ids","authReqOpts","credential_configuration_id","id","credentialsSupported","getCredentialConfigsSupportedMerged","client","serverMetadata","retrieveServerMetadata","credentialBranding","getCredentialBranding","oid4vciClientState","JSON","parse","exportState","openID4VCIClientState","contact","identities","identity","connectionConfig","connection","config","find","authorizationCodeURL","createAuthorizationRequestUrl","locale","selectedCredentials","info","Object","keys","join","credentialSelection","all","entries","credentialConfigSupported","credentialTypes","getTypesFromObject","localeBranding","_brandings","supported","credentialAlias","selectCredentialLocaleBranding","alias","uuidv4","credentialId","isSelected","sel","push","stringify","names","credentialIssuerMetadata","display","name","size","correlationId","URL","issuer","hostname","identifier","legalName","displayName","parties","agent","cmGetContacts","party","verificationCode","issuanceOpt","walletType","debug","issuanceOpts","getIssuanceOpts","selectDidMethodPreferences","forceIssuanceOpt","pin","allCredentials","supportedDidMethodEnums","isArray","DID_WEB","getIdentifierOpts","alg","signatureAlgorithmFromKey","key","jwk","isManagedIdentifierJwkResult","callbacks","signCallback","isManagedIdentifierDidResult","did","asOpts","kid","clientOpts","isEBSI","includes","split","signCallbacks","acquireAccessToken","authorizationResponse","authorizationCodeResponse","additionalRequestParams","types","credentialConfigurationId","credentialDefinition","getCredentialDefinition","credentialResponse","acquireCredentials","proofCallbacks","deferredCredentialAwait","jti","credential","mapCredentialToAccept","credentialToAccept","error","credentialsToAccept","identifierType","CorrelationIdentifierType","DID","toLowerCase","origin","IdentityOrigin","EXTERNAL","roles","CredentialRole","ISSUER","ConnectionType","OPENID_CONNECT","clientSecret","scopes","redirectUrl","dangerouslyAllowInsecureHttpRequests","clientAuthMethod","emit","contactId","cmAddIdentity","issuerCorrelationId","branding","ibGetIssuerBranding","getBasicIssuerLocaleBranding","dynamicRegistrationClientMetadata","issuerBranding","ibAddIssuerBranding","verifyCredentialToAccept","mappedCredential","schemaValidation","counter","configId","ac","credAccept","cred","ibAddCredentialBranding","vcHash","computeEntryHash","rawVerifiableCredential","b","trimmed","input","trim","mappedCredentialToAccept","kmsKeyRef","method","persist","verifiableCredential","uniformVerifiableCredential","notificationId","notification_id","subjectIssuance","credential_subject_issuance","notificationEndpoint","notification_endpoint","holderCredential","notification_events_supported","issuerVC","extractCredentialFromResponse","wrappedIssuerVC","CredentialMapper","toWrappedVerifiableCredential","console","isWrappedSdJwtVerifiableCredential","decoded","sub","isWrappedW3CVerifiableCredential","credentialSubject","idFromW3cCredentialSubject","isWrappedMdocCredential","parseDid","accessTokenResponse","decodedJwt","decodeJWT","access_token","payload","resolution","identifierManagedGet","holderCredentialToSign","proofFormat","iss","vc","proof","issuanceDate","iat","issuedVC","createVerifiableCredential","fetchRemoteContexts","save","storedCredentialToOriginalFormat","notificationRequest","stored","persistCredential","issuerCorrelationIdFromIssuerType","subjectCorrelationType","subjectCorrelationId","determineSubjectCorrelation","persistedCredential","crsAddCredential","rawDocument","ensureRawDocument","identifierMethod","credentialRole","HOLDER","issuerCorrelationType","CredentialCorrelationType","hash","OpenID4VCIClient","trustAnchors","url","params","URLSearchParams","search","openidFederation","get","entityIdentifier","warn","toString","result","identifierExternalResolveByOIDFEntityId","trustedAnchors","errorOnNotFound","MetadataClient","retrieveAllMetadata","isManagedIdentifierResult","isManagedIdentifierDidOpts","isManagedIdentifierKidResult","KID","isManagedIdentifierX5cResult","X509_SAN","x5c","isManagedIdentifierX5cOpts","credential_definition","import_ssi_types","logger","Loggers","DEFAULT","options","defaultLogLevel","LogLevel","DEBUG","methods","LogMethod","CONSOLE","get","OID4VCICallbackStateListener","callbacks","oid4vciMachine","state","_event","type","debug","info","JSON","stringify","value","size","stateKey","callback","matches","log","then","catch","error","message","event","stack","import_oid4vci_client","import_oid4vci_common","import_ssi_sdk","OID4VCIHolderLinkHandler","LinkHandlerAdapter","context","stateNavigationListener","firstPartyStateNavigationListener","noStateMachinePersistence","walletType","authorizationRequestOpts","clientOpts","trustAnchors","args","id","handle","url","opts","uri","URL","toString","offerData","convertURIToJsonObject","hasCode","code","undefined","oid4vciMachine","agent","oid4vciHolderGetMachineInterpreter","requestData","credentialOffer","CredentialOfferClient","fromURI","createAuthorizationRequestURL","flowType","clientId","clientAssertionType","interpreter","machineState","availableMethods","includes","stateType","interpreterStartOrResume","cleanupAllOtherInstances","cleanupOnFinalState","singletonCheck","noRegistration","start","send","OID4VCIMachineEvents","PROVIDE_AUTHORIZATION_CODE_RESPONSE","data"]}
1	+ {"version":3,"sources":["../src/localization/translations/en.json","../src/localization/translations/nl.json","../src/index.ts","../src/agent/OID4VCIHolder.ts","../src/machines/oid4vciMachine.ts","../src/localization/Localization.ts","../src/types/IOID4VCIHolder.ts","../src/types/FirstPartyMachine.ts","../src/services/OID4VCIHolderService.ts","../src/machines/firstPartyMachine.ts","../src/services/FirstPartyMachineServices.ts","../src/mappers/OIDC4VCIBrandingMapper.ts","../src/listeners/headlessStateNavListener.ts","../src/link-handler/index.ts"],"sourcesContent":["{\n \"oid4vci_machine_verify_credentials_error_title\": \"Verify credentials\",\n \"oid4vci_machine_store_credential_branding_error_title\": \"Store credential branding\",\n \"oid4vci_machine_store_credential_error_title\": \"Store credential\",\n \"oid4vci_machine_add_contact_identity_error_title\": \"Add contact identity\",\n \"oid4vci_machine_retrieve_credentials_error_title\": \"Retrieve credentials\",\n \"oid4vci_machine_retrieve_issuer_branding_error_title\": \"Retrieve issuer branding\",\n \"oid4vci_machine_store_issuer_branding_error_title\": \"Store issuer branding\",\n \"oid4vci_machine_retrieve_contact_error_title\": \"Retrieve contact\",\n \"oid4vci_machine_credential_selection_error_title\": \"Credential selection\",\n \"oid4vci_machine_initiation_error_title\": \"Initiate OID4VCI provider\",\n \"oid4vci_machine_credential_verification_failed_message\": \"The credential verification resulted in an error.\",\n \"oid4vci_machine_credential_verification_schema_failed_message\": \"The credential schema verification resulted in an error.\",\n \"oid4vci_machine_retrieve_federation_trust_error_title\": \"Retrieve federation trust\",\n \"oid4vci_machine_first_party_error_title\": \"First party flow\",\n \"oid4vci_machine_send_authorization_challenge_request_error_title\": \"Sending authorization challenge request\",\n \"oid4vci_machine_create_config_error_title\": \"Creating siopV2 config\",\n \"oid4vci_machine_get_request_error_title\": \"Getting siopV2 request\"\n}\n","{\n \"oid4vci_machine_verify_credentials_error_title\": \"Verifiëren credential\",\n \"oid4vci_machine_store_credential_branding_error_title\": \"Opslaan credential branding\",\n \"oid4vci_machine_store_credential_error_title\": \"Opslaan credential\",\n \"oid4vci_machine_add_contact_identity_error_title\": \"Toevoegen identiteit contact\",\n \"oid4vci_machine_retrieve_credentials_error_title\": \"Ophalen credential\",\n \"oid4vci_machine_retrieve_issuer_branding_error_title\": \"Ophalen issuer branding\",\n \"oid4vci_machine_store_issuer_branding_error_title\": \"Opslaan issuer branding\",\n \"oid4vci_machine_retrieve_contact_error_title\": \"Ophalen contact\",\n \"oid4vci_machine_credential_selection_error_title\": \"Credential selectie\",\n \"oid4vci_machine_initiation_error_title\": \"Initiëren OID4VCI provider\",\n \"oid4vci_machine_credential_verification_failed_message\": \"Verificatie van de credential leidde tot een fout.\",\n \"oid4vci_machine_retrieve_federation_trust_error_title\": \"Ophalen federatievertrouwen\",\n \"oid4vci_machine_first_party_error_title\": \"Eerste partijstroom\",\n \"oid4vci_machine_send_authorization_challenge_request_error_title\": \"Versturen autorisatie-uitdaging aanvraag\",\n \"oid4vci_machine_create_config_error_title\": \"SiopV2-configuratie aanmaken\",\n \"oid4vci_machine_get_request_error_title\": \"SiopV2-verzoek ophalen\"\n}\n","/*\n @public\n /\n\nexport { OID4VCIHolder, oid4vciHolderContextMethods, signCallback } from './agent/OID4VCIHolder'\nexport from './mappers/OIDC4VCIBrandingMapper'\nexport * from './services/OID4VCIHolderService'\nexport * from './services/FirstPartyMachineServices'\nexport * from './types/IOID4VCIHolder'\nexport * from './types/FirstPartyMachine'\nexport * from './listeners/headlessStateNavListener'\nexport * from './link-handler'\n","import { CredentialOfferClient, MetadataClient, OpenID4VCIClient, OpenID4VCIClientV1_0_15 } from '@sphereon/oid4vci-client'\nimport {\n AuthorizationDetailsV1_0_15,\n AuthorizationRequestOpts,\n AuthorizationServerClientOpts,\n AuthorizationServerOpts,\n CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15,\n CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15,\n CredentialOfferRequestWithBaseUrl,\n DefaultURISchemes,\n EndpointMetadataResult,\n getTypesFromObject,\n Jwt,\n NotificationRequest,\n ProofOfPossessionCallbacks,\n} from '@sphereon/oid4vci-common'\nimport { SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n IIdentifierResolution,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierJwkResult,\n isManagedIdentifierKidResult,\n isManagedIdentifierResult,\n isManagedIdentifierX5cOpts,\n isManagedIdentifierX5cResult,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService, JwsHeader } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n ConnectionType,\n CorrelationIdentifierType,\n CredentialCorrelationType,\n ensureRawDocument,\n FindPartyArgs,\n IBasicCredentialLocaleBranding,\n IBasicIssuerLocaleBranding,\n Identity,\n IdentityOrigin,\n IIssuerLocaleBranding,\n NonPersistedIdentity,\n Party,\n} from '@sphereon/ssi-sdk.data-store-types'\nimport {\n CredentialMapper,\n type CredentialProofFormat,\n CredentialRole,\n HasherSync,\n IVerifiableCredential,\n JoseSignatureAlgorithm,\n JoseSignatureAlgorithmString,\n JwtDecodedVerifiableCredential,\n Loggers,\n parseDid,\n SdJwtDecodedVerifiableCredentialPayload,\n WrappedW3CVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport {\n CredentialPayload,\n IAgentContext,\n IAgentPlugin,\n IDIDManager,\n IKeyManager,\n IResolver,\n VerifiableCredential,\n W3CVerifiableCredential,\n} from '@veramo/core'\nimport { asArray, computeEntryHash } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { decodeJWT } from 'did-jwt'\nimport { v4 as uuidv4 } from 'uuid'\nimport { OID4VCIMachine } from '../machines/oid4vciMachine'\nimport {\n extractCredentialFromResponse,\n getBasicIssuerLocaleBranding,\n getCredentialBranding,\n getCredentialConfigsSupportedMerged,\n getIdentifierOpts,\n getIssuanceOpts,\n mapCredentialToAccept,\n selectCredentialLocaleBranding,\n startFirstPartApplicationMachine,\n verifyCredentialToAccept,\n} from '../services/OID4VCIHolderService'\nimport {\n AddContactIdentityArgs,\n AssertValidCredentialsArgs,\n Attribute,\n CreateCredentialsToSelectFromArgs,\n CredentialToAccept,\n CredentialToSelectFromResult,\n GetContactArgs,\n GetCredentialArgs,\n GetCredentialsArgs,\n GetFederationTrustArgs,\n GetIssuerBrandingArgs,\n GetIssuerMetadataArgs,\n IOID4VCIHolder,\n IssuanceOpts,\n MappedCredentialToAccept,\n OID4VCIHolderEvent,\n OID4VCIHolderOptions,\n OID4VCIMachine as OID4VCIMachineId,\n OID4VCIMachineInstanceOpts,\n OID4VCIMachineServiceDefinitions,\n OID4VCIMachineServices,\n OnContactIdentityCreatedArgs,\n OnCredentialStoredArgs,\n OnIdentifierCreatedArgs,\n PrepareAuthorizationRequestArgs,\n PrepareAuthorizationResult,\n PrepareStartArgs,\n RequestType,\n RequiredContext,\n SendNotificationArgs,\n StartFirstPartApplicationMachine,\n StartResult,\n StoreCredentialBrandingArgs,\n StoreCredentialsArgs,\n StoreIssuerBrandingArgs,\n VerificationResult,\n VerifyEBSICredentialIssuerArgs,\n VerifyEBSICredentialIssuerResult,\n WalletType,\n} from '../types/IOID4VCIHolder'\n\n/*\n {@inheritDoc IOID4VCIHolder}\n /\n\n// Exposing the methods here for any REST implementation\nexport const oid4vciHolderContextMethods: Array<string> = [\n 'cmGetContacts',\n 'cmGetContact',\n 'cmAddContact',\n 'cmAddIdentity',\n 'ibCredentialLocaleBrandingFrom',\n 'ibAddCredentialBranding',\n 'dataStoreSaveVerifiableCredential',\n 'didManagerFind',\n 'didManagerGet',\n 'keyManagerSign',\n 'verifyCredential',\n]\n\nconst logger = Loggers.DEFAULT.get('sphereon:oid4vci:holder')\n\nexport function signCallback(\n identifier: ManagedIdentifierOptsOrResult,\n context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>,\n nonce?: string,\n) {\n return async (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => {\n let resolution = await context.agent.identifierManagedGet(identifier)\n const jwk = jwt.header.jwk ?? (resolution.method === 'jwk' ? resolution.jwk : undefined)\n if (!resolution.issuer && !jwt.payload.iss) {\n return Promise.reject(Error(`No issuer could be determined from the JWT ${JSON.stringify(jwt)} or identifier resolution`))\n }\n const header = jwt.header as JwsHeader\n const payload = jwt.payload\n if (nonce) {\n payload.nonce = nonce\n }\n if (jwk && header.kid) {\n console.log(\n `Deleting kid, as we are using a jwk and the oid4vci spec does not allow both to be present (which is not the case in the JOSE spec)`,\n )\n delete header.kid // The OID4VCI spec does not allow a JWK with kid present although the JWS spec does\n }\n return (\n await context.agent.jwtCreateJwsCompactSignature({\n issuer: { ...resolution, noIssPayloadUpdate: noIssPayloadUpdate ?? false },\n protectedHeader: header,\n payload,\n })\n ).jwt\n }\n}\n\nexport async function verifyEBSICredentialIssuer(args: VerifyEBSICredentialIssuerArgs): Promise<VerifyEBSICredentialIssuerResult> {\n const { wrappedVc, issuerType = ['TI'] } = args\n\n const issuer =\n wrappedVc.decoded?.iss ??\n (typeof wrappedVc.decoded?.vc?.issuer === 'string' ? wrappedVc.decoded?.vc?.issuer : wrappedVc.decoded?.vc?.issuer?.existingInstanceId)\n\n if (!issuer) {\n throw Error('The issuer of the VC is required to be present')\n }\n\n const url = `https://api-conformance.ebsi.eu/trusted-issuers-registry/v4/issuers/${issuer}`\n const response = await fetch(url)\n if (response.status !== 200) {\n throw Error('The issuer of the VC cannot be trusted')\n }\n\n const payload = (await response.json()) as VerifyEBSICredentialIssuerResult\n\n if (!payload.attributes.some((a: Attribute) => issuerType.includes(a.issuerType))) {\n throw Error(`The issuer type is required to be one of: ${issuerType.join(', ')}`)\n }\n\n return payload\n}\n\nexport class OID4VCIHolder implements IAgentPlugin {\n private readonly hasher?: HasherSync\n readonly eventTypes: Array<OID4VCIHolderEvent> = [\n OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED,\n OID4VCIHolderEvent.CREDENTIAL_STORED,\n OID4VCIHolderEvent.IDENTIFIER_CREATED,\n ]\n\n readonly methods: IOID4VCIHolder = {\n oid4vciHolderStart: this.oid4vciHolderStart.bind(this),\n oid4vciHolderGetIssuerMetadata: this.oid4vciHolderGetIssuerMetadata.bind(this),\n oid4vciHolderGetMachineInterpreter: this.oid4vciHolderGetMachineInterpreter.bind(this),\n oid4vciHolderPrepareAuthorizationRequest: this.oid4vciHolderPrepareAuthorizationRequest.bind(this),\n oid4vciHolderCreateCredentialsToSelectFrom: this.oid4vciHolderCreateCredentialsToSelectFrom.bind(this),\n oid4vciHolderGetContact: this.oid4vciHolderGetContact.bind(this),\n oid4vciHolderGetCredentials: this.oid4vciHolderGetCredentials.bind(this),\n oid4vciHolderGetCredential: this.oid4vciHolderGetCredential.bind(this),\n oid4vciHolderAddContactIdentity: this.oid4vciHolderAddContactIdentity.bind(this),\n oid4vciHolderAssertValidCredentials: this.oid4vciHolderAssertValidCredentials.bind(this),\n oid4vciHolderStoreCredentialBranding: this.oid4vciHolderStoreCredentialBranding.bind(this),\n oid4vciHolderStoreCredentials: this.oid4vciHolderStoreCredentials.bind(this),\n oid4vciHolderSendNotification: this.oid4vciHolderSendNotification.bind(this),\n oid4vciHolderGetIssuerBranding: this.oid4vciHolderGetIssuerBranding.bind(this),\n oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this),\n }\n\n private readonly vcFormatPreferences: Array<string> = ['dc+sd-jwt', 'vc+sd-jwt', 'mso_mdoc', 'jwt_vc_json', 'jwt_vc', 'ldp_vc'] // TODO see SSISDK-52 concerning vc+sd-jwt\n private readonly jsonldCryptographicSuitePreferences: Array<string> = [\n 'Ed25519Signature2018',\n 'EcdsaSecp256k1Signature2019',\n 'Ed25519Signature2020',\n 'JsonWebSignature2020',\n // \"JcsEd25519Signature2020\"\n ]\n private readonly didMethodPreferences: Array<SupportedDidMethodEnum> = [\n SupportedDidMethodEnum.DID_JWK, // FIXME prefer JWK until we devise a method to detect when to use EBSI/jcs for did:key and when not\n SupportedDidMethodEnum.DID_KEY,\n SupportedDidMethodEnum.DID_OYD,\n SupportedDidMethodEnum.DID_EBSI,\n SupportedDidMethodEnum.DID_ION,\n ]\n private readonly jwtCryptographicSuitePreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString> = [\n JoseSignatureAlgorithm.ES256,\n JoseSignatureAlgorithm.ES256K,\n JoseSignatureAlgorithm.EdDSA,\n ]\n private static readonly DEFAULT_MOBILE_REDIRECT_URI = `${DefaultURISchemes.CREDENTIAL_OFFER}://`\n private readonly defaultAuthorizationRequestOpts: AuthorizationRequestOpts = { redirectUri: OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI }\n private readonly onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>\n private readonly onCredentialStored?: (args: OnCredentialStoredArgs) => Promise<void>\n private readonly onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>\n private readonly onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>\n\n constructor(options?: OID4VCIHolderOptions) {\n const {\n onContactIdentityCreated,\n onCredentialStored,\n onIdentifierCreated,\n onVerifyEBSICredentialIssuer,\n vcFormatPreferences,\n jsonldCryptographicSuitePreferences,\n didMethodPreferences,\n jwtCryptographicSuitePreferences,\n defaultAuthorizationRequestOptions,\n hasher = defaultHasher,\n } = { ...options }\n\n this.hasher = hasher\n if (vcFormatPreferences !== undefined && vcFormatPreferences.length > 0) {\n this.vcFormatPreferences = vcFormatPreferences\n }\n if (jsonldCryptographicSuitePreferences !== undefined && jsonldCryptographicSuitePreferences.length > 0) {\n this.jsonldCryptographicSuitePreferences = jsonldCryptographicSuitePreferences\n }\n if (didMethodPreferences !== undefined && didMethodPreferences.length > 0) {\n this.didMethodPreferences = didMethodPreferences\n }\n if (jwtCryptographicSuitePreferences !== undefined && jwtCryptographicSuitePreferences.length > 0) {\n this.jwtCryptographicSuitePreferences = jwtCryptographicSuitePreferences\n }\n if (defaultAuthorizationRequestOptions) {\n this.defaultAuthorizationRequestOpts = defaultAuthorizationRequestOptions\n }\n this.onContactIdentityCreated = onContactIdentityCreated\n this.onCredentialStored = onCredentialStored\n this.onIdentifierCreated = onIdentifierCreated\n this.onVerifyEBSICredentialIssuer = onVerifyEBSICredentialIssuer\n }\n\n public async onEvent(event: any, context: RequiredContext): Promise<void> {\n switch (event.type) {\n case OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED:\n this.onContactIdentityCreated?.(event.data)\n break\n case OID4VCIHolderEvent.CREDENTIAL_STORED:\n this.onCredentialStored?.(event.data)\n break\n case OID4VCIHolderEvent.IDENTIFIER_CREATED:\n this.onIdentifierCreated?.(event.data)\n break\n default:\n return Promise.reject(Error(`Event type ${event.type} not supported`))\n }\n }\n\n /\n FIXME: This method can only be used locally. Creating the interpreter should be local to where the agent is running\n /\n private async oid4vciHolderGetMachineInterpreter(opts: OID4VCIMachineInstanceOpts, context: RequiredContext): Promise<OID4VCIMachineId> {\n const authorizationRequestOpts = { ...this.defaultAuthorizationRequestOpts, ...opts.authorizationRequestOpts }\n const services: OID4VCIMachineServiceDefinitions = {\n [OID4VCIMachineServices.start]: (args: PrepareStartArgs) =>\n this.oid4vciHolderStart(\n {\n ...args,\n authorizationRequestOpts,\n },\n context,\n ),\n [OID4VCIMachineServices.startFirstPartApplicationFlow]: (args: StartFirstPartApplicationMachine) =>\n startFirstPartApplicationMachine({ ...args, stateNavigationListener: opts.firstPartyStateNavigationListener }, context),\n [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args: CreateCredentialsToSelectFromArgs) =>\n this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),\n [OID4VCIMachineServices.prepareAuthorizationRequest]: (args: PrepareAuthorizationRequestArgs) =>\n this.oid4vciHolderPrepareAuthorizationRequest(args, context),\n [OID4VCIMachineServices.getContact]: (args: GetContactArgs) => this.oid4vciHolderGetContact(args, context),\n [OID4VCIMachineServices.getCredentials]: (args: GetCredentialsArgs) =>\n this.oid4vciHolderGetCredentials({ accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts, ...args }, context),\n [OID4VCIMachineServices.addContactIdentity]: (args: AddContactIdentityArgs) => this.oid4vciHolderAddContactIdentity(args, context),\n [OID4VCIMachineServices.getIssuerBranding]: (args: GetIssuerBrandingArgs) => this.oid4vciHolderGetIssuerBranding(args, context),\n [OID4VCIMachineServices.storeIssuerBranding]: (args: StoreIssuerBrandingArgs) => this.oid4vciHolderStoreIssuerBranding(args, context),\n [OID4VCIMachineServices.assertValidCredentials]: (args: AssertValidCredentialsArgs) => this.oid4vciHolderAssertValidCredentials(args, context),\n [OID4VCIMachineServices.storeCredentialBranding]: (args: StoreCredentialBrandingArgs) =>\n this.oid4vciHolderStoreCredentialBranding(args, context),\n [OID4VCIMachineServices.storeCredentials]: (args: StoreCredentialsArgs) => this.oid4vciHolderStoreCredentials(args, context),\n [OID4VCIMachineServices.sendNotification]: (args: SendNotificationArgs) => this.oid4vciHolderSendNotification(args, context),\n [OID4VCIMachineServices.getFederationTrust]: (args: GetFederationTrustArgs) => this.getFederationTrust(args, context),\n }\n\n const oid4vciMachineInstanceArgs: OID4VCIMachineInstanceOpts = {\n ...opts,\n authorizationRequestOpts,\n services: {\n ...services,\n ...opts.services,\n },\n }\n\n const { interpreter } = await OID4VCIMachine.newInstance(oid4vciMachineInstanceArgs, context)\n\n return {\n interpreter,\n }\n }\n\n /\n This method is run before the machine starts! So there is no concept of the state machine context or states yet\n \n The result of this method can be directly passed into the start method of the state machine\n * @param args\n * @param context\n * @private\n /\n private async oid4vciHolderStart(args: PrepareStartArgs, context: RequiredContext): Promise<StartResult> {\n const { requestData } = args\n if (!requestData) {\n throw Error(`Cannot start the OID4VCI holder flow without request data being provided`)\n }\n const { uri = undefined } = requestData\n if (!uri) {\n return Promise.reject(Error('Missing request URI in context'))\n }\n\n const authorizationRequestOpts = { ...this.defaultAuthorizationRequestOpts, ...args.authorizationRequestOpts } satisfies AuthorizationRequestOpts\n // TODO: Previously we filtered the details first against our vcformat prefs. However auth details does not have the notion of formats anymore\n authorizationRequestOpts.authorizationDetails = authorizationRequestOpts?.authorizationDetails\n ? asArray(authorizationRequestOpts.authorizationDetails)\n : undefined\n\n if (!authorizationRequestOpts.redirectUri) {\n authorizationRequestOpts.redirectUri = OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI\n }\n if (authorizationRequestOpts.redirectUri.startsWith('http') && !authorizationRequestOpts.clientId) {\n // At least set a default for a web based wallet.\n // TODO: We really need (dynamic) client registration support\n authorizationRequestOpts.clientId = authorizationRequestOpts.redirectUri\n }\n\n // TODO: This entire filter and formats population should not work anymore, as the auth details no longer have the format property.\n let formats: string[] = this.vcFormatPreferences\n const authFormats = authorizationRequestOpts?.authorizationDetails\n ?.map((detail: AuthorizationDetailsV1_0_15) => (typeof detail === 'object' && 'format' in detail && detail.format ? detail.format : undefined))\n .filter((format) => !!format)\n .map((format) => format as string)\n if (authFormats && authFormats.length > 0) {\n formats = Array.from(new Set(authFormats))\n }\n let oid4vciClient: OpenID4VCIClientV1_0_15\n let offer: CredentialOfferRequestWithBaseUrl \| undefined\n if (requestData.existingClientState) {\n oid4vciClient = await OpenID4VCIClientV1_0_15.fromState({ state: requestData.existingClientState })\n offer = oid4vciClient.credentialOffer\n } else {\n offer = requestData.credentialOffer\n if (\n uri.startsWith(RequestType.OPENID_INITIATE_ISSUANCE) \|\|\n uri.startsWith(RequestType.OPENID_CREDENTIAL_OFFER) \|\|\n uri.match(/https?:\\/\\/.credential_offer(_uri)=?./)\n ) {\n if (!offer) {\n // Let's make sure to convert the URI to offer, as it matches the regexes. Normally this should already have happened at this point though\n offer = await CredentialOfferClient.fromURI(uri)\n }\n } else {\n if (!!offer) {\n logger.warning(`Non default URI used for credential offer: ${uri}`)\n }\n }\n\n if (!offer) {\n // else no offer, meaning we have an issuer URL\n logger.log(`Issuer url received (no credential offer): ${uri}`)\n oid4vciClient = await OpenID4VCIClientV1_0_15.fromCredentialIssuer({\n credentialIssuer: uri,\n authorizationRequest: authorizationRequestOpts,\n clientId: authorizationRequestOpts.clientId,\n createAuthorizationRequestURL: false, // requestData.createAuthorizationRequestURL ?? true,\n })\n } else {\n logger.log(`Credential offer received: ${uri}`)\n oid4vciClient = await OpenID4VCIClientV1_0_15.fromURI({\n uri,\n authorizationRequest: authorizationRequestOpts,\n clientId: authorizationRequestOpts.clientId,\n createAuthorizationRequestURL: false, // requestData.createAuthorizationRequestURL ?? true,\n })\n }\n }\n\n let configurationIds: Array<string> = []\n if (offer) {\n configurationIds = offer.original_credential_offer.credential_configuration_ids\n } else {\n configurationIds = asArray(authorizationRequestOpts.authorizationDetails)\n // .filter((authDetails): authDetails is Exclude<AuthorizationDetailsV1_0_15, string> => typeof authDetails !== 'string')\n .map((authReqOpts) => authReqOpts.credential_configuration_id)\n .filter((id): id is string => !!id)\n }\n\n const credentialsSupported = await getCredentialConfigsSupportedMerged({\n client: oid4vciClient,\n vcFormatPreferences: formats,\n configurationIds,\n })\n\n const serverMetadata = await oid4vciClient.retrieveServerMetadata()\n const credentialBranding = await getCredentialBranding({ credentialsSupported, context })\n const oid4vciClientState = JSON.parse(await oid4vciClient.exportState())\n\n return {\n credentialBranding,\n credentialsSupported,\n serverMetadata,\n oid4vciClientState,\n }\n }\n\n private async oid4vciHolderPrepareAuthorizationRequest(\n args: PrepareAuthorizationRequestArgs,\n context: RequiredContext,\n ): Promise<PrepareAuthorizationResult> {\n const { openID4VCIClientState, contact } = args\n if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n }\n\n const clientId = contact?.identities\n .map((identity) => {\n const connectionConfig = identity.connection?.config\n if (connectionConfig && 'clientId' in connectionConfig) {\n return connectionConfig.clientId\n }\n return undefined\n })\n .find((clientId) => clientId)\n\n if (!clientId) {\n return Promise.reject(Error(`Missing client id in contact's connectionConfig`))\n }\n const client = await OpenID4VCIClientV1_0_15.fromState({ state: openID4VCIClientState })\n const authorizationCodeURL = await client.createAuthorizationRequestUrl({\n authorizationRequest: {\n clientId: clientId,\n } satisfies AuthorizationRequestOpts,\n })\n if (authorizationCodeURL) {\n logger.log(`authorization code URL ${authorizationCodeURL}`)\n }\n return {\n authorizationCodeURL,\n // Needed, because the above createAuthorizationRequestUrl manipulates the state, adding pkce opts to the state\n oid4vciClientState: JSON.parse(await client.exportState()),\n }\n }\n\n private async oid4vciHolderCreateCredentialsToSelectFrom(\n args: CreateCredentialsToSelectFromArgs,\n context: RequiredContext,\n ): Promise<Array<CredentialToSelectFromResult>> {\n const { credentialBranding, locale, selectedCredentials /, openID4VCIClientState/, credentialsSupported } = args\n\n // const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState! }) // TODO see if we need the check openID4VCIClientState defined\n /const credentialsSupported = await getCredentialConfigsSupportedBySingleTypeOrId({\n client,\n vcFormatPreferences: this.vcFormatPreferences,\n })/\n logger.info(`Credentials supported ${Object.keys(credentialsSupported).join(', ')}`)\n\n const credentialSelection: Array<CredentialToSelectFromResult> = await Promise.all(\n Object.entries(credentialsSupported).map(async ([id, credentialConfigSupported]): Promise<CredentialToSelectFromResult> => {\n // FIXME this allows for duplicate VerifiableCredential, which the user has no idea which ones those are and we also have a branding map with unique keys, so some branding will not match\n // const defaultCredentialType = 'VerifiableCredential'\n\n const credentialTypes = getTypesFromObject(credentialConfigSupported)\n // const credentialType = id /?? credentialTypes?.find((type) => type !== defaultCredentialType) ?? defaultCredentialType/\n const localeBranding = !credentialBranding\n ? undefined\n : (credentialBranding?.[id] ??\n Object.entries(credentialBranding)\n .find(([type, _brandings]) => {\n credentialTypes && type in credentialTypes\n })\n ?.map(([type, supported]) => supported))\n const credentialAlias = (\n await selectCredentialLocaleBranding({\n locale,\n localeBranding,\n })\n )?.alias\n\n return {\n id: uuidv4(),\n credentialId: id,\n credentialTypes: credentialTypes ?? asArray(id),\n credentialAlias: credentialAlias ?? id,\n isSelected: false,\n }\n }),\n )\n\n // TODO find better place to do this, would be nice if the machine does this?\n if (credentialSelection.length >= 1) {\n credentialSelection.map((sel) => selectedCredentials.push(sel.credentialId))\n }\n logger.log(`Credential selection ${JSON.stringify(credentialSelection)}`)\n\n return credentialSelection\n }\n\n private async oid4vciHolderGetContact(args: GetContactArgs, context: RequiredContext): Promise<Party \| undefined> {\n const { serverMetadata } = args\n\n if (serverMetadata === undefined) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n const names: Set<string> = new Set(\n serverMetadata.credentialIssuerMetadata?.display\n ?.map((display) => display.name)\n .filter((name) => name != undefined)\n .map((name) => name as string) ?? [],\n )\n const name = names.size > 0 ? Array.from(names)[0] : undefined\n\n const correlationId: string = new URL(serverMetadata.issuer).hostname\n\n const filter: FindPartyArgs = [\n {\n identities: {\n identifier: {\n correlationId,\n },\n },\n },\n ]\n\n if (name) {\n filter.push({\n contact: {\n legalName: name,\n },\n })\n filter.push({\n contact: {\n displayName: name,\n },\n })\n }\n\n const parties: Array<Party> = await context.agent.cmGetContacts({\n filter,\n })\n\n if (parties.length > 1) {\n logger.warning(`Get contacts returned more than one result: ${parties.length}, ${parties.map((party) => party.contact.displayName).join(',')}`)\n }\n const party = parties.length >= 1 ? parties[0] : undefined\n\n logger.log(`Party involved: `, party)\n return party\n }\n\n private async oid4vciHolderGetCredentials(args: GetCredentialsArgs, context: RequiredContext): Promise<Array<MappedCredentialToAccept>> {\n const { verificationCode, openID4VCIClientState, didMethodPreferences, issuanceOpt, accessTokenOpts, walletType } = args\n logger.debug(`Getting credentials`, issuanceOpt, accessTokenOpts)\n\n if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n }\n\n const client = await OpenID4VCIClientV1_0_15.fromState({ state: openID4VCIClientState })\n const credentialsSupported = await getCredentialConfigsSupportedMerged({\n client,\n vcFormatPreferences: this.vcFormatPreferences,\n configurationIds: args.selectedCredentials,\n })\n const serverMetadata = await client.retrieveServerMetadata()\n const issuanceOpts = await getIssuanceOpts({\n client,\n credentialsSupported,\n serverMetadata,\n context,\n didMethodPreferences: this.selectDidMethodPreferences(didMethodPreferences, walletType),\n jwtCryptographicSuitePreferences: this.jwtCryptographicSuitePreferences,\n jsonldCryptographicSuitePreferences: this.jsonldCryptographicSuitePreferences,\n ...(issuanceOpt && { forceIssuanceOpt: issuanceOpt }),\n })\n\n const getCredentials = issuanceOpts.map(\n async (issuanceOpt: IssuanceOpts): Promise<MappedCredentialToAccept> =>\n await this.oid4vciHolderGetCredential(\n {\n issuanceOpt,\n pin: verificationCode,\n client,\n accessTokenOpts,\n },\n context,\n ),\n )\n\n const allCredentials = await Promise.all(getCredentials)\n logger.log(`Credentials received`, allCredentials)\n\n return allCredentials\n }\n\n private selectDidMethodPreferences(didMethodPreferences: Array<SupportedDidMethodEnum> \| undefined, walletType: WalletType) {\n const supportedDidMethodEnums =\n Array.isArray(didMethodPreferences) && didMethodPreferences.length > 0 ? didMethodPreferences : this.didMethodPreferences\n if (walletType === 'ORGANIZATIONAL') {\n return [SupportedDidMethodEnum.DID_WEB, ...supportedDidMethodEnums]\n }\n return supportedDidMethodEnums\n }\n\n private async oid4vciHolderGetCredential(args: GetCredentialArgs, context: RequiredContext): Promise<MappedCredentialToAccept> {\n const { issuanceOpt, pin, client, accessTokenOpts } = args\n logger.info(`Getting credential`, issuanceOpt)\n\n if (!issuanceOpt) {\n return Promise.reject(Error(`Cannot get credential issuance options`))\n }\n\n const identifier = await getIdentifierOpts({ issuanceOpt, context })\n issuanceOpt.identifier = identifier\n logger.info(`ID opts`, identifier)\n const alg: JoseSignatureAlgorithm \| JoseSignatureAlgorithmString = await signatureAlgorithmFromKey({ key: identifier.key })\n // The VCI lib either expects a jwk or a kid\n const jwk = isManagedIdentifierJwkResult(identifier) ? identifier.jwk : undefined\n\n const callbacks: ProofOfPossessionCallbacks = {\n signCallback: signCallback(identifier, context),\n }\n\n try {\n // We need to make sure we have acquired the access token\n if (!client.clientId) {\n client.clientId = isManagedIdentifierDidResult(identifier) ? identifier.did : identifier.issuer\n }\n let asOpts: AuthorizationServerOpts \| undefined = undefined\n let kid = accessTokenOpts?.clientOpts?.kid ?? identifier.kid\n if (accessTokenOpts?.clientOpts) {\n const clientId = accessTokenOpts.clientOpts.clientId ?? client.clientId ?? identifier.issuer\n if (client.isEBSI() && clientId?.startsWith('http') && kid?.includes('#')) {\n kid = kid.split('#')[1]\n }\n\n //todo: investigate if the jwk should be used here as well if present\n const clientOpts: AuthorizationServerClientOpts = {\n ...accessTokenOpts.clientOpts,\n clientId,\n kid,\n // @ts-ignore\n alg: accessTokenOpts.clientOpts.alg ?? alg,\n signCallbacks: accessTokenOpts.clientOpts.signCallbacks ?? callbacks,\n }\n asOpts = {\n clientOpts,\n }\n }\n\n await client.acquireAccessToken({\n clientId: client.clientId,\n pin,\n authorizationResponse: JSON.parse(await client.exportState()).authorizationCodeResponse,\n additionalRequestParams: accessTokenOpts?.additionalRequestParams,\n ...(asOpts && { asOpts }),\n })\n\n // FIXME: This type mapping is wrong. It should use credential_identifier in case the access token response has authorization details\n const types = getTypesFromObject(issuanceOpt)\n const id: string \| undefined = 'id' in issuanceOpt && issuanceOpt.id ? (issuanceOpt.id as string) : undefined\n const credentialTypes = asArray(issuanceOpt.credentialConfigurationId ?? types ?? id)\n if (!credentialTypes \|\| credentialTypes.length === 0) {\n return Promise.reject(Error('cannot determine credential id to request'))\n }\n\n const credentialDefinition = this.getCredentialDefinition(issuanceOpt)\n const credentialResponse = await client.acquireCredentials({\n ...(credentialDefinition && { context: credentialDefinition['@context'] }),\n credentialTypes,\n proofCallbacks: callbacks,\n format: issuanceOpt.format,\n // TODO: We need to update the machine and add notifications support for actual deferred credentials instead of just waiting/retrying\n deferredCredentialAwait: true,\n ...(issuanceOpt.id && typeof issuanceOpt.id === 'string' ? { credentialConfigurationId: issuanceOpt.id } : undefined),\n ...(!jwk && { kid }), // vci client either wants a jwk or kid. If we have used the jwk method do not provide the kid\n jwk,\n alg,\n jti: uuidv4(),\n })\n\n const credential = {\n id: issuanceOpt.credentialConfigurationId ?? id,\n types: types ?? asArray(credentialTypes),\n issuanceOpt,\n credentialResponse,\n } satisfies CredentialToAccept\n return mapCredentialToAccept({ credentialToAccept: credential, hasher: this.hasher })\n } catch (error) {\n return Promise.reject(error)\n }\n }\n\n private async oid4vciHolderAddContactIdentity(args: AddContactIdentityArgs, context: RequiredContext): Promise<Identity> {\n const { credentialsToAccept, contact } = args\n\n if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n if (credentialsToAccept === undefined \|\| credentialsToAccept.length === 0) {\n return Promise.reject(Error('Missing credential offers in context'))\n }\n\n let correlationId: string = credentialsToAccept[0].correlationId\n let identifierType = CorrelationIdentifierType.DID\n if (!correlationId.toLowerCase().startsWith('did:')) {\n identifierType = CorrelationIdentifierType.URL\n if (correlationId.startsWith('http')) {\n correlationId = new URL(correlationId).hostname\n }\n }\n const identity: NonPersistedIdentity = {\n alias: credentialsToAccept[0].correlationId,\n origin: IdentityOrigin.EXTERNAL,\n roles: [CredentialRole.ISSUER],\n identifier: {\n type: identifierType,\n correlationId,\n },\n ...(identifierType === CorrelationIdentifierType.URL && {\n connection: {\n type: ConnectionType.OPENID_CONNECT,\n config: {\n clientId: '138d7bf8-c930-4c6e-b928-97d3a4928b01',\n clientSecret: '03b3955f-d020-4f2a-8a27-4e452d4e27a0',\n scopes: ['auth'],\n issuer: 'https://example.com/app-test',\n redirectUrl: 'app:/callback',\n dangerouslyAllowInsecureHttpRequests: true,\n clientAuthMethod: 'post' as const,\n },\n },\n }),\n }\n\n await context.agent.emit(OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED, {\n contactId: contact.id,\n identity,\n })\n logger.log(`Contact added: ${correlationId}`)\n\n return context.agent.cmAddIdentity({ contactId: contact.id, identity })\n }\n\n private async oid4vciHolderGetIssuerBranding(\n args: GetIssuerBrandingArgs,\n context: RequiredContext,\n ): Promise<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>> {\n const { serverMetadata, contact } = args\n\n // Here we are fetching issuer branding for a contact. If no contact is found that means we encounter this contact for the first time. This also means we do not have any branding for the contact.\n const issuerCorrelationId = contact?.identities\n .filter((identity) => identity.roles.includes(CredentialRole.ISSUER))\n .map((identity) => identity.identifier.correlationId)[0]\n\n if (issuerCorrelationId) {\n const branding = await context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] })\n if (branding.length > 0) {\n return branding[0].localeBranding\n }\n }\n\n // We should have serverMetadata in the context else something went wrong\n if (!serverMetadata) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n return getBasicIssuerLocaleBranding({\n display: serverMetadata.credentialIssuerMetadata?.display ?? [],\n dynamicRegistrationClientMetadata: serverMetadata.credentialIssuerMetadata,\n context,\n })\n }\n\n private async oid4vciHolderStoreIssuerBranding(args: StoreIssuerBrandingArgs, context: RequiredContext): Promise<void> {\n const { issuerBranding, contact } = args\n if (!issuerBranding \|\| issuerBranding.length === 0 \|\| (<Array<IIssuerLocaleBranding>>issuerBranding)[0].id) {\n // FIXME we need better separation between a contact(issuer) we encountered before and it's branding vs a new contact and it's branding\n return\n }\n\n if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n const issuerCorrelationId = contact?.identities\n .filter((identity) => identity.roles.includes(CredentialRole.ISSUER))\n .map((identity) => identity.identifier.correlationId)[0]\n\n // we check for issuer branding as adding an identity might also trigger storing the issuer branding\n const branding = await context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] })\n if (branding.length > 0) {\n return\n }\n\n await context.agent.ibAddIssuerBranding({\n localeBranding: issuerBranding as Array<IBasicIssuerLocaleBranding>,\n issuerCorrelationId,\n })\n }\n\n private async oid4vciHolderAssertValidCredentials(args: AssertValidCredentialsArgs, context: RequiredContext): Promise<VerificationResult[]> {\n const { credentialsToAccept, issuanceOpt } = args\n\n return await Promise.all(\n credentialsToAccept.map((credentialToAccept) =>\n verifyCredentialToAccept({\n mappedCredential: credentialToAccept,\n onVerifyEBSICredentialIssuer: this.onVerifyEBSICredentialIssuer,\n hasher: this.hasher,\n schemaValidation: issuanceOpt?.schemaValidation,\n context,\n }),\n ),\n )\n }\n\n private async oid4vciHolderStoreCredentialBranding(args: StoreCredentialBrandingArgs, context: RequiredContext): Promise<void> {\n const { credentialBranding, serverMetadata, selectedCredentials, credentialsToAccept } = args\n\n if (serverMetadata === undefined) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n } else if (selectedCredentials.length === 0) {\n logger.warning(`No credentials selected for issuer: ${serverMetadata.issuer}`)\n return\n }\n\n let counter = 0\n for (const credentialId of selectedCredentials) {\n // The selectedCredential from context is the configurationId, whilst we store the branding by type. We need to map\n const configId = credentialId\n const types =\n credentialsToAccept\n .find((ac) => ac.correlationId === configId \|\| ac.credentialToAccept.id === configId \|\| ac.types.includes(configId))\n ?.types?.filter((type) => type != 'VerifiableCredential') ?? []\n\n const localeBranding: Array<IBasicCredentialLocaleBranding> = credentialBranding?.[configId] ?? []\n if (localeBranding.length === 0) {\n for (const type of types) {\n const branding = credentialBranding?.[type] ?? []\n if (branding.length > 0) {\n localeBranding.push(...branding)\n }\n }\n }\n\n if (localeBranding && localeBranding.length > 0) {\n const credential = credentialsToAccept.find(\n (credAccept) =>\n credAccept.credentialToAccept.id === credentialId \|\|\n JSON.stringify(credAccept.types) === credentialId \|\|\n JSON.stringify(credAccept.types.filter((cred) => cred !== 'VerifiableCredential')) === JSON.stringify(types) \|\|\n credentialsToAccept[counter],\n )!\n counter++\n await context.agent.ibAddCredentialBranding({\n vcHash: computeEntryHash(credential.rawVerifiableCredential as W3CVerifiableCredential),\n issuerCorrelationId: new URL(serverMetadata.issuer).hostname,\n localeBranding,\n })\n logger.log(\n `Credential branding for issuer ${serverMetadata.issuer} and type ${credentialId} stored with locales ${localeBranding.map((b) => b.locale).join(',')}`,\n )\n } else {\n logger.warning(`No credential branding found for issuer: ${serverMetadata.issuer} and type ${credentialId}`)\n }\n }\n }\n\n private async oid4vciHolderStoreCredentials(args: StoreCredentialsArgs, context: RequiredContext): Promise<void> {\n function trimmed(input?: string) {\n const trim = input?.trim()\n if (trim === '') {\n return undefined\n }\n return trim\n }\n\n const { credentialsToAccept, openID4VCIClientState, credentialsSupported, serverMetadata, selectedCredentials } = args\n const mappedCredentialToAccept = credentialsToAccept[0]\n\n if (selectedCredentials && selectedCredentials.length > 1) {\n logger.error(`More than 1 credential selected ${selectedCredentials.join(', ')}, but current service only stores 1 credential!`)\n }\n\n // TODO determine when and how we should store credentials without key kmsKeyRef & id method), this should be tested with the code below\n const issuanceOpt = args.issuanceOpt ?? mappedCredentialToAccept.credentialToAccept.issuanceOpt\n if (!issuanceOpt \|\| !issuanceOpt.identifier) {\n return Promise.reject(Error('issuanceOpt.identifier must me set in order to store a credential'))\n }\n const { kmsKeyRef, method } = issuanceOpt.identifier\n\n let persist = true\n const verifiableCredential = mappedCredentialToAccept.uniformVerifiableCredential as VerifiableCredential\n\n const notificationId = mappedCredentialToAccept.credentialToAccept.credentialResponse.notification_id\n const subjectIssuance = mappedCredentialToAccept.credential_subject_issuance\n const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint\n let holderCredential:\n \| IVerifiableCredential\n \| JwtDecodedVerifiableCredential\n \| SdJwtDecodedVerifiableCredentialPayload\n \| W3CVerifiableCredential\n \| undefined = undefined\n if (!notificationEndpoint) {\n logger.log(`Notifications not supported by issuer ${serverMetadata?.issuer}. Will not provide a notification`)\n } else if (notificationEndpoint && !notificationId) {\n logger.warning(\n `Notification endpoint available in issuer metadata with value ${notificationEndpoint}, but no ${notificationId} provided. Will not send a notification to issuer ${serverMetadata?.issuer}`,\n )\n } else if (notificationEndpoint && notificationId) {\n logger.log(`Notification id ${notificationId} found, will send back a notification to ${notificationEndpoint}`)\n let event = 'credential_accepted'\n if (Array.isArray(subjectIssuance?.notification_events_supported)) {\n // experimental subject issuance, where a new credential is being created\n event = subjectIssuance.notification_events_supported.includes('credential_accepted_holder_signed')\n ? 'credential_accepted_holder_signed'\n : 'credential_deleted_holder_signed'\n logger.log(`Subject issuance/signing will be used, with event`, event)\n\n const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse)\n const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher ?? defaultHasher })\n console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`)\n // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)\n\n let issuer: string \| undefined\n\n if (CredentialMapper.isWrappedSdJwtVerifiableCredential(wrappedIssuerVC)) {\n issuer = trimmed(wrappedIssuerVC.decoded?.sub)\n } else if (CredentialMapper.isWrappedW3CVerifiableCredential(wrappedIssuerVC)) {\n issuer =\n trimmed(wrappedIssuerVC.credential?.sub) ??\n // @ts-ignore\n trimmed(wrappedIssuerVC.credential?.credentialSubject?.id) ??\n trimmed(this.idFromW3cCredentialSubject(wrappedIssuerVC))\n } else if (CredentialMapper.isWrappedMdocCredential(wrappedIssuerVC)) {\n return Promise.reject(Error('mdoc not yet supported'))\n }\n\n if (!issuer) {\n issuer = trimmed(verifiableCredential.credentialSubject?.id)\n }\n if (!issuer && openID4VCIClientState?.kid?.startsWith('did:')) {\n issuer = parseDid(openID4VCIClientState?.kid).did\n }\n if (!issuer && openID4VCIClientState?.jwk?.kid?.startsWith('did:')) {\n issuer = parseDid(openID4VCIClientState!.jwk!.kid!).did\n }\n if (!issuer && openID4VCIClientState?.clientId) {\n issuer = trimmed(openID4VCIClientState.clientId)\n }\n if (!issuer && openID4VCIClientState?.accessTokenResponse) {\n const decodedJwt = decodeJWT(openID4VCIClientState.accessTokenResponse.access_token)\n issuer = decodedJwt.payload.sub\n }\n if (!issuer && mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier) {\n const resolution = await context.agent.identifierManagedGet(mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier)\n issuer = resolution.issuer\n }\n\n if (!issuer) {\n throw Error(`We could not determine the issuer, which means we cannot sign the credential`)\n }\n logger.log(`Issuer for self-issued credential will be: ${issuer}`)\n\n const holderCredentialToSign = wrappedIssuerVC.decoded\n let proofFormat: CredentialProofFormat = 'lds'\n if (wrappedIssuerVC.format.includes('jwt') && !wrappedIssuerVC.format.includes('mso_mdoc')) {\n holderCredentialToSign.iss = issuer\n proofFormat = 'jwt'\n }\n if ('issuer' in holderCredentialToSign && !('iss' in holderCredentialToSign)) {\n holderCredentialToSign.issuer = issuer\n }\n if ('sub' in holderCredentialToSign) {\n holderCredentialToSign.sub = issuer\n }\n if ('credentialSubject' in holderCredentialToSign && !Array.isArray(holderCredentialToSign.credentialSubject)) {\n holderCredentialToSign.credentialSubject.id = issuer\n }\n if ('vc' in holderCredentialToSign) {\n if (holderCredentialToSign.vc.credentialSubject) {\n holderCredentialToSign.vc.credentialSubject.id = issuer\n }\n holderCredentialToSign.vc.issuer = issuer\n delete holderCredentialToSign.vc.proof\n delete holderCredentialToSign.vc.issuanceDate\n }\n delete holderCredentialToSign.proof\n delete holderCredentialToSign.issuanceDate\n delete holderCredentialToSign.iat\n\n logger.log(`Subject issuance/signing will sign credential of type ${proofFormat}:`, holderCredentialToSign)\n const issuedVC = await context.agent.createVerifiableCredential({\n credential: ('vc' in holderCredentialToSign ? holderCredentialToSign.vc : holderCredentialToSign) as CredentialPayload,\n fetchRemoteContexts: true,\n save: false,\n proofFormat,\n })\n if (!issuedVC) {\n throw Error(`Could not issue holder credential from the wallet`)\n }\n logger.log(`Holder ${issuedVC.issuer} issued new credential with id ${issuedVC.id}`, issuedVC)\n holderCredential = CredentialMapper.storedCredentialToOriginalFormat(issuedVC as IVerifiableCredential)\n persist = event === 'credential_accepted_holder_signed'\n }\n\n const notificationRequest: NotificationRequest = {\n notification_id: notificationId,\n ...(holderCredential && { credential: holderCredential }),\n event,\n }\n\n await this.oid4vciHolderSendNotification(\n {\n openID4VCIClientState,\n stored: persist,\n credentialsToAccept,\n credentialsSupported,\n notificationRequest,\n serverMetadata,\n },\n context,\n )\n }\n const persistCredential = holderCredential\n ? CredentialMapper.storedCredentialToOriginalFormat(holderCredential)\n : mappedCredentialToAccept.rawVerifiableCredential\n if (!persist && holderCredential) {\n logger.log(`Will not persist credential, since we are signing as a holder and the issuer asked not to persist`)\n } else {\n logger.log(`Persisting credential`, persistCredential)\n\n const issuer = CredentialMapper.issuerCorrelationIdFromIssuerType(verifiableCredential.issuer)\n const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer)\n\n const persistedCredential = await context.agent.crsAddCredential({\n credential: {\n rawDocument: ensureRawDocument(persistCredential),\n kmsKeyRef: kmsKeyRef,\n identifierMethod: method,\n credentialRole: CredentialRole.HOLDER,\n issuerCorrelationType: issuer?.startsWith('did:') ? CredentialCorrelationType.DID : CredentialCorrelationType.URL,\n issuerCorrelationId: issuer,\n subjectCorrelationType,\n subjectCorrelationId,\n },\n })\n await context.agent.emit(OID4VCIHolderEvent.CREDENTIAL_STORED, {\n credential: persistedCredential,\n vcHash: persistedCredential.hash,\n } satisfies OnCredentialStoredArgs)\n }\n }\n\n private async oid4vciHolderSendNotification(args: SendNotificationArgs, context: RequiredContext): Promise<void> {\n const { serverMetadata, notificationRequest, openID4VCIClientState } = args\n const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint\n if (!notificationEndpoint) {\n return\n } else if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n } else if (!notificationRequest) {\n return Promise.reject(Error('Missing notification request'))\n }\n\n logger.log(`Will send notification to ${notificationEndpoint}`, notificationRequest)\n\n const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState })\n await client.sendNotification({ notificationEndpoint }, notificationRequest, openID4VCIClientState?.accessTokenResponse?.access_token)\n logger.log(`Notification to ${notificationEndpoint} has been dispatched`)\n }\n\n private async getFederationTrust(args: GetFederationTrustArgs, context: RequiredContext): Promise<Array<string>> {\n const { requestData, serverMetadata, trustAnchors } = args\n\n if (trustAnchors.length === 0) {\n return Promise.reject(Error('No trust anchors found'))\n }\n\n if (!requestData?.uri) {\n return Promise.reject(Error('Missing request URI in context'))\n }\n\n if (!serverMetadata) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n const url = new URL(requestData?.uri)\n const params = new URLSearchParams(url.search)\n const openidFederation = params.get('openid_federation')\n const entityIdentifier = openidFederation ?? serverMetadata.issuer\n if (entityIdentifier.startsWith('http://')) {\n console.warn(`OpenID federation does not support http://, only https:// allowed; got: (${url.toString()})`)\n // OIDF always needs to be https\n return []\n }\n\n const result = await context.agent.identifierExternalResolveByOIDFEntityId({\n method: 'entity_id',\n trustAnchors: trustAnchors,\n identifier: entityIdentifier,\n })\n\n return result.trustedAnchors\n }\n\n private async oid4vciHolderGetIssuerMetadata(args: GetIssuerMetadataArgs, context: RequiredContext): Promise<EndpointMetadataResult> {\n const { issuer, errorOnNotFound = true } = args\n return MetadataClient.retrieveAllMetadata(issuer, { errorOnNotFound })\n }\n\n private determineSubjectCorrelation(identifier: ManagedIdentifierOptsOrResult, issuer: string): [CredentialCorrelationType, string] {\n switch (identifier.method) {\n case 'did':\n if (isManagedIdentifierResult(identifier) && isManagedIdentifierDidResult(identifier)) {\n return [CredentialCorrelationType.DID, identifier.did]\n } else if (isManagedIdentifierDidOpts(identifier)) {\n return [CredentialCorrelationType.DID, typeof identifier.identifier === 'string' ? identifier.identifier : identifier.identifier.did]\n }\n break\n case 'kid':\n if (isManagedIdentifierResult(identifier) && isManagedIdentifierKidResult(identifier)) {\n return [CredentialCorrelationType.KID, identifier.kid]\n } else if (isManagedIdentifierDidOpts(identifier)) {\n return [CredentialCorrelationType.KID, identifier.identifier]\n }\n break\n case 'x5c':\n if (isManagedIdentifierResult(identifier) && isManagedIdentifierX5cResult(identifier)) {\n return [CredentialCorrelationType.X509_SAN, identifier.x5c.join('\\r\\n')]\n } else if (isManagedIdentifierX5cOpts(identifier)) {\n return [CredentialCorrelationType.X509_SAN, identifier.identifier.join('\\r\\n')]\n }\n break\n }\n return [CredentialCorrelationType.URL, issuer]\n }\n\n private idFromW3cCredentialSubject(wrappedIssuerVC: WrappedW3CVerifiableCredential): string \| undefined {\n if (Array.isArray(wrappedIssuerVC.credential?.credentialSubject)) {\n if (wrappedIssuerVC.credential?.credentialSubject.length > 0) {\n return wrappedIssuerVC.credential?.credentialSubject[0].id\n }\n } else {\n return wrappedIssuerVC.credential?.credentialSubject?.id\n }\n return undefined\n }\n\n private getCredentialDefinition(issuanceOpt: IssuanceOpts): CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15 \| undefined {\n if (issuanceOpt.format == 'ldp_vc' \|\| issuanceOpt.format == 'jwt_vc_json-ld') {\n return (issuanceOpt as CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15).credential_definition\n }\n return undefined\n }\n}\n","import { AuthorizationChallengeCodeResponse, AuthzFlowType, toAuthorizationResponsePayload } from '@sphereon/oid4vci-common'\nimport { IBasicIssuerLocaleBranding, Identity, IIssuerLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store-types'\nimport { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'\nimport { translate } from '../localization/Localization'\nimport {\n AuthorizationResponseEvent,\n ContactAliasEvent,\n ContactConsentEvent,\n CreateContactEvent,\n CreateOID4VCIMachineOpts,\n CredentialToSelectFromResult,\n ErrorDetails,\n StartResult,\n MappedCredentialToAccept,\n OID4VCIMachineAddContactStates,\n OID4VCIMachineContext,\n OID4VCIMachineEvents,\n OID4VCIMachineEventTypes,\n OID4VCIMachineGuards,\n OID4VCIMachineInstanceOpts,\n OID4VCIMachineInterpreter,\n OID4VCIMachineServices,\n OID4VCIMachineState,\n OID4VCIMachineStates,\n OID4VCIMachineVerifyPinStates,\n OID4VCIStateMachine,\n RequiredContext,\n SelectCredentialsEvent,\n SetAuthorizationCodeURLEvent,\n VerificationCodeEvent,\n PrepareAuthorizationResult,\n} from '../types/IOID4VCIHolder'\nimport { FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'\n\nconst oid4vciHasNoContactGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact } = _ctx\n return contact === undefined\n}\n\nconst oid4vciHasContactGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact } = _ctx\n return contact !== undefined\n}\n\nconst oid4vciContactHasLowTrustGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact, trustedAnchors } = _ctx\n return contact !== undefined && trustedAnchors !== undefined && trustedAnchors.length === 0\n}\n\nconst oid4vciCredentialsToSelectRequiredGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { credentialToSelectFrom } = _ctx\n return credentialToSelectFrom && credentialToSelectFrom.length > 1\n}\n\nconst oid4vciRequirePinGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { requestData } = _ctx\n return requestData?.credentialOffer?.userPinRequired === true\n}\n\nconst oid4vciHasNoContactIdentityGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contact, credentialsToAccept } = _ctx\n let toAcceptId = credentialsToAccept[0].correlationId\n if (toAcceptId.match(/^https?:\\/\\/./)) {\n toAcceptId = new URL(toAcceptId).hostname\n }\n return !contact?.identities.some((identity: Identity): boolean => identity.identifier.correlationId === toAcceptId)\n}\n\nconst oid4vciVerificationCodeGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { verificationCode } = _ctx\n return verificationCode !== undefined && verificationCode.length > 0\n}\n\nconst oid4vciCreateContactGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { contactAlias, hasContactConsent } = _ctx\n return hasContactConsent && !!contactAlias && contactAlias.length > 0\n}\n\nconst oid4vciHasSelectedCredentialsGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { selectedCredentials } = _ctx\n return selectedCredentials !== undefined && selectedCredentials.length > 0\n}\n\nconst oid4vciIsOIDFOriginGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n // TODO in the future we need to establish if a origin is a IDF origin. So we need to check if this metadata is on the well-known location\n const { trustAnchors } = _ctx\n return trustAnchors.length > 0\n}\n\nconst oid4vciNoAuthorizationGuard = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n return !oid4vciHasAuthorizationResponse(ctx, _event)\n}\n\n// FIXME refactor this guard\nconst oid4vciRequireAuthorizationGuard = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n const { openID4VCIClientState } = ctx\n\n if (!openID4VCIClientState) {\n throw Error('Missing openID4VCI client state in context')\n }\n\n if (openID4VCIClientState.authorizationURL && openID4VCIClientState.authorizationRequestOpts) {\n // We have authz options or there is not credential offer to begin with.\n // We require authz as long as we do not have the authz code response\n return !ctx.openID4VCIClientState?.authorizationCodeResponse\n } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {\n return !ctx.openID4VCIClientState?.authorizationCodeResponse\n } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {\n return false\n } else if (openID4VCIClientState.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint) {\n return !ctx.openID4VCIClientState?.authorizationCodeResponse\n }\n return false\n}\n\nconst oid4vciHasAuthorizationResponse = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n return !!ctx.openID4VCIClientState?.authorizationCodeResponse\n}\n\nconst oid4vciIsFirstPartyApplication = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {\n return !!ctx.serverMetadata?.authorization_challenge_endpoint\n}\n\nconst createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMachine => {\n const initialContext: OID4VCIMachineContext = {\n // TODO WAL-671 we need to store the data from OpenIdProvider here in the context and make sure we can restart the machine with it and init the OpenIdProvider\n accessTokenOpts: opts?.accessTokenOpts,\n requestData: opts?.requestData,\n walletType: opts?.walletType ?? 'NATURAL_PERSON',\n trustAnchors: opts?.trustAnchors ?? [],\n issuanceOpt: opts?.issuanceOpt,\n didMethodPreferences: opts?.didMethodPreferences,\n locale: opts?.locale,\n credentialsSupported: {},\n credentialToSelectFrom: [],\n selectedCredentials: [],\n credentialsToAccept: [],\n hasContactConsent: true,\n contactAlias: '',\n }\n\n return createMachine<OID4VCIMachineContext, OID4VCIMachineEventTypes>({\n id: opts?.machineName ?? 'OID4VCIHolder',\n predictableActionArguments: true,\n initial: OID4VCIMachineStates.start,\n schema: {\n events: {} as OID4VCIMachineEventTypes,\n guards: {} as\n \| { type: OID4VCIMachineGuards.hasNoContactGuard }\n \| { type: OID4VCIMachineGuards.credentialsToSelectRequiredGuard }\n \| { type: OID4VCIMachineGuards.requirePinGuard }\n \| { type: OID4VCIMachineGuards.requireAuthorizationGuard }\n \| { type: OID4VCIMachineGuards.noAuthorizationGuard }\n \| { type: OID4VCIMachineGuards.hasNoContactIdentityGuard }\n \| { type: OID4VCIMachineGuards.verificationCodeGuard }\n \| { type: OID4VCIMachineGuards.hasContactGuard }\n \| { type: OID4VCIMachineGuards.createContactGuard }\n \| { type: OID4VCIMachineGuards.hasSelectedCredentialsGuard }\n \| { type: OID4VCIMachineGuards.hasAuthorizationResponse }\n \| { type: OID4VCIMachineGuards.isOIDFOriginGuard }\n \| { type: OID4VCIMachineGuards.contactHasLowTrustGuard }\n \| { type: OID4VCIMachineGuards.isFirstPartyApplication },\n services: {} as {\n [OID4VCIMachineServices.start]: {\n data: StartResult\n }\n [OID4VCIMachineServices.prepareAuthorizationRequest]: {\n data: PrepareAuthorizationResult\n }\n [OID4VCIMachineServices.createCredentialsToSelectFrom]: {\n data: Array<CredentialToSelectFromResult>\n }\n [OID4VCIMachineServices.getContact]: {\n data: Party \| undefined\n }\n [OID4VCIMachineServices.storeIssuerBranding]: {\n data: void\n }\n [OID4VCIMachineServices.getCredentials]: {\n data: Array<MappedCredentialToAccept> \| undefined\n }\n [OID4VCIMachineServices.addContactIdentity]: {\n data: void\n }\n [OID4VCIMachineServices.assertValidCredentials]: {\n data: void\n }\n [OID4VCIMachineServices.storeCredentialBranding]: {\n data: void\n }\n [OID4VCIMachineServices.storeCredentials]: {\n data: void\n }\n [OID4VCIMachineServices.getFederationTrust]: {\n data: Array<string>\n }\n [OID4VCIMachineServices.getIssuerBranding]: {\n data: Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>\n }\n [OID4VCIMachineServices.startFirstPartApplicationFlow]: {\n data: void\n }\n },\n },\n context: initialContext,\n states: {\n [OID4VCIMachineStates.start]: {\n id: OID4VCIMachineStates.start,\n invoke: {\n src: OID4VCIMachineServices.start,\n onDone: {\n target: OID4VCIMachineStates.createCredentialsToSelectFrom,\n actions: assign({\n credentialBranding: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.credentialBranding ?? {},\n credentialsSupported: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.credentialsSupported,\n serverMetadata: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.serverMetadata,\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<StartResult>) => _event.data.oid4vciClientState,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_initiation_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.createCredentialsToSelectFrom]: {\n id: OID4VCIMachineStates.createCredentialsToSelectFrom,\n invoke: {\n src: OID4VCIMachineServices.createCredentialsToSelectFrom,\n onDone: {\n target: OID4VCIMachineStates.getContact,\n actions: assign({\n credentialToSelectFrom: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<CredentialToSelectFromResult>>) => _event.data,\n }),\n // TODO WAL-670 would be nice if we can have guard that checks if we have at least 1 item in the selection. not sure if this can occur but it would be more defensive.\n // Still cannot find a nice way to do this inside of an invoke besides adding another transition state\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_credential_selection_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.getContact]: {\n id: OID4VCIMachineStates.getContact,\n invoke: {\n src: OID4VCIMachineServices.getContact,\n onDone: {\n target: OID4VCIMachineStates.getIssuerBranding,\n actions: assign({ contact: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Party>) => _event.data }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_contact_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.getIssuerBranding]: {\n id: OID4VCIMachineStates.getIssuerBranding,\n invoke: {\n src: OID4VCIMachineServices.getIssuerBranding,\n onDone: [\n {\n target: OID4VCIMachineStates.getFederationTrust,\n cond: OID4VCIMachineGuards.isOIDFOriginGuard,\n actions: assign({\n issuerBranding: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>>) =>\n _event.data,\n }),\n },\n {\n target: OID4VCIMachineStates.transitionFromSetup,\n actions: assign({\n issuerBranding: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>>) =>\n _event.data,\n }),\n },\n ],\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_issuer_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.getFederationTrust]: {\n id: OID4VCIMachineStates.getFederationTrust,\n invoke: {\n src: OID4VCIMachineServices.getFederationTrust,\n onDone: {\n target: OID4VCIMachineStates.transitionFromSetup,\n actions: assign({\n trustedAnchors: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<string>>) => _event.data,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_federation_trust_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.transitionFromSetup]: {\n id: OID4VCIMachineStates.transitionFromSetup,\n always: [\n {\n target: OID4VCIMachineStates.addContact,\n cond: OID4VCIMachineGuards.hasNoContactGuard,\n },\n {\n target: OID4VCIMachineStates.reviewContact,\n cond: OID4VCIMachineGuards.contactHasLowTrustGuard,\n },\n {\n target: OID4VCIMachineStates.selectCredentials,\n cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,\n },\n {\n target: OID4VCIMachineStates.startFirstPartApplicationFlow,\n cond: OID4VCIMachineGuards.isFirstPartyApplication,\n },\n {\n target: OID4VCIMachineStates.prepareAuthorizationRequest,\n cond: OID4VCIMachineGuards.requireAuthorizationGuard,\n },\n {\n target: OID4VCIMachineStates.verifyPin,\n cond: OID4VCIMachineGuards.requirePinGuard,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n on: {\n [OID4VCIMachineEvents.SET_AUTHORIZATION_CODE_URL]: {\n actions: assign({ authorizationCodeURL: (_ctx: OID4VCIMachineContext, _event: SetAuthorizationCodeURLEvent) => _event.data }),\n },\n },\n },\n [OID4VCIMachineStates.addContact]: {\n id: OID4VCIMachineStates.addContact,\n initial: OID4VCIMachineAddContactStates.idle,\n on: {\n [OID4VCIMachineEvents.SET_CONTACT_CONSENT]: {\n actions: assign({ hasContactConsent: (_ctx: OID4VCIMachineContext, _event: ContactConsentEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.SET_CONTACT_ALIAS]: {\n actions: assign({ contactAlias: (_ctx: OID4VCIMachineContext, _event: ContactAliasEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.CREATE_CONTACT]: {\n target: `.${OID4VCIMachineAddContactStates.next}`,\n actions: assign({ contact: (_ctx: OID4VCIMachineContext, _event: CreateContactEvent) => _event.data }),\n cond: OID4VCIMachineGuards.createContactGuard,\n },\n [OID4VCIMachineEvents.DECLINE]: {\n target: OID4VCIMachineStates.declined,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n states: {\n [OID4VCIMachineAddContactStates.idle]: {},\n [OID4VCIMachineAddContactStates.next]: {\n always: {\n target: `#${OID4VCIMachineStates.storeIssuerBranding}`,\n cond: OID4VCIMachineGuards.hasContactGuard,\n },\n },\n },\n },\n [OID4VCIMachineStates.reviewContact]: {\n id: OID4VCIMachineStates.reviewContact,\n on: {\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.transitionFromContactSetup,\n },\n [OID4VCIMachineEvents.DECLINE]: {\n target: OID4VCIMachineStates.declined,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n },\n [OID4VCIMachineStates.storeIssuerBranding]: {\n id: OID4VCIMachineStates.storeIssuerBranding,\n invoke: {\n src: OID4VCIMachineServices.storeIssuerBranding,\n onDone: {\n target: OID4VCIMachineStates.transitionFromContactSetup,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_issuer_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.transitionFromContactSetup]: {\n id: OID4VCIMachineStates.transitionFromContactSetup,\n always: [\n {\n target: OID4VCIMachineStates.selectCredentials,\n cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,\n },\n {\n target: OID4VCIMachineStates.startFirstPartApplicationFlow,\n cond: OID4VCIMachineGuards.isFirstPartyApplication,\n },\n {\n target: OID4VCIMachineStates.prepareAuthorizationRequest,\n cond: OID4VCIMachineGuards.requireAuthorizationGuard,\n },\n {\n target: OID4VCIMachineStates.verifyPin,\n cond: OID4VCIMachineGuards.requirePinGuard,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.startFirstPartApplicationFlow]: {\n id: OID4VCIMachineStates.startFirstPartApplicationFlow,\n invoke: {\n src: OID4VCIMachineServices.startFirstPartApplicationFlow,\n onDone: [\n {\n target: OID4VCIMachineStates.aborted,\n cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean =>\n _event.data === FirstPartyMachineStateTypes.aborted,\n },\n {\n target: OID4VCIMachineStates.declined,\n cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean =>\n _event.data === FirstPartyMachineStateTypes.declined,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n actions: assign({\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => {\n const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data)\n return { ..._ctx.openID4VCIClientState!, authorizationCodeResponse }\n },\n }),\n },\n ],\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<ErrorDetails>): ErrorDetails => ({\n title: _event.data.title ?? translate('oid4vci_machine_first_party_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.selectCredentials]: {\n id: OID4VCIMachineStates.selectCredentials,\n on: {\n [OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS]: {\n actions: assign({ selectedCredentials: (_ctx: OID4VCIMachineContext, _event: SelectCredentialsEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.transitionFromSelectingCredentials,\n cond: OID4VCIMachineGuards.hasSelectedCredentialsGuard,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n },\n [OID4VCIMachineStates.transitionFromSelectingCredentials]: {\n id: OID4VCIMachineStates.transitionFromSelectingCredentials,\n always: [\n {\n target: OID4VCIMachineStates.startFirstPartApplicationFlow,\n cond: OID4VCIMachineGuards.isFirstPartyApplication,\n },\n {\n target: OID4VCIMachineStates.prepareAuthorizationRequest,\n cond: OID4VCIMachineGuards.requireAuthorizationGuard,\n },\n {\n target: OID4VCIMachineStates.verifyPin,\n cond: OID4VCIMachineGuards.requirePinGuard,\n },\n {\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.prepareAuthorizationRequest]: {\n id: OID4VCIMachineStates.prepareAuthorizationRequest,\n invoke: {\n src: OID4VCIMachineServices.prepareAuthorizationRequest,\n onDone: {\n target: OID4VCIMachineStates.initiateAuthorizationRequest,\n actions: assign({\n authorizationCodeURL: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<PrepareAuthorizationResult>) =>\n _event.data.authorizationCodeURL,\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<PrepareAuthorizationResult>) => _event.data.oid4vciClientState,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_prepare_authorization_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.initiateAuthorizationRequest]: {\n id: OID4VCIMachineStates.initiateAuthorizationRequest,\n on: {\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.selectCredentials,\n },\n [OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST]: {\n target: OID4VCIMachineStates.waitForAuthorizationResponse,\n },\n },\n },\n [OID4VCIMachineStates.waitForAuthorizationResponse]: {\n id: OID4VCIMachineStates.waitForAuthorizationResponse,\n on: {\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.initiateAuthorizationRequest,\n },\n [OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE]: {\n actions: assign({\n openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: AuthorizationResponseEvent) => {\n const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data)\n return { ..._ctx.openID4VCIClientState!, authorizationCodeResponse }\n },\n }),\n },\n },\n always: [\n {\n cond: OID4VCIMachineGuards.hasAuthorizationResponse,\n target: OID4VCIMachineStates.getCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.verifyPin]: {\n id: OID4VCIMachineStates.verifyPin,\n initial: OID4VCIMachineVerifyPinStates.idle,\n on: {\n [OID4VCIMachineEvents.SET_VERIFICATION_CODE]: {\n target: `.${OID4VCIMachineVerifyPinStates.next}`,\n actions: assign({ verificationCode: (_ctx: OID4VCIMachineContext, _event: VerificationCodeEvent) => _event.data }),\n },\n [OID4VCIMachineEvents.PREVIOUS]: [\n {\n target: OID4VCIMachineStates.selectCredentials,\n cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,\n },\n {\n target: OID4VCIMachineStates.aborted,\n },\n ],\n },\n states: {\n [OID4VCIMachineVerifyPinStates.idle]: {},\n [OID4VCIMachineVerifyPinStates.next]: {\n always: {\n target: `#${OID4VCIMachineStates.getCredentials}`,\n cond: OID4VCIMachineGuards.verificationCodeGuard,\n },\n },\n },\n },\n [OID4VCIMachineStates.getCredentials]: {\n id: OID4VCIMachineStates.getCredentials,\n invoke: {\n src: OID4VCIMachineServices.getCredentials,\n onDone: {\n target: OID4VCIMachineStates.verifyCredentials,\n actions: assign({\n credentialsToAccept: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Array<MappedCredentialToAccept>>) => _event.data,\n }),\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_retrieve_credentials_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n exit: assign({ verificationCode: undefined }),\n },\n [OID4VCIMachineStates.verifyCredentials]: {\n id: OID4VCIMachineStates.verifyCredentials,\n invoke: {\n src: OID4VCIMachineServices.assertValidCredentials,\n onDone: {\n target: OID4VCIMachineStates.transitionFromWalletInput,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_verify_credentials_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.transitionFromWalletInput]: {\n id: OID4VCIMachineStates.transitionFromWalletInput,\n always: [\n {\n target: OID4VCIMachineStates.addContactIdentity,\n cond: OID4VCIMachineGuards.hasNoContactIdentityGuard,\n },\n {\n target: OID4VCIMachineStates.reviewCredentials,\n },\n ],\n },\n [OID4VCIMachineStates.addContactIdentity]: {\n id: OID4VCIMachineStates.addContactIdentity,\n invoke: {\n src: OID4VCIMachineServices.addContactIdentity,\n onDone: {\n target: OID4VCIMachineStates.addIssuerBrandingAfterIdentity,\n actions: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Identity>): void => {\n _ctx.contact?.identities.push(_event.data)\n },\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_add_contact_identity_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.addIssuerBrandingAfterIdentity]: {\n id: OID4VCIMachineStates.addIssuerBrandingAfterIdentity,\n invoke: {\n src: OID4VCIMachineServices.storeIssuerBranding,\n onDone: {\n target: OID4VCIMachineStates.reviewCredentials,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_issuer_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.reviewCredentials]: {\n id: OID4VCIMachineStates.reviewCredentials,\n on: {\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.storeCredentialBranding,\n },\n [OID4VCIMachineEvents.DECLINE]: {\n target: OID4VCIMachineStates.declined,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.aborted,\n },\n },\n },\n [OID4VCIMachineStates.storeCredentialBranding]: {\n id: OID4VCIMachineStates.storeCredentialBranding,\n invoke: {\n src: OID4VCIMachineServices.storeCredentialBranding,\n onDone: {\n target: OID4VCIMachineStates.storeCredentials,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_credential_branding_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.storeCredentials]: {\n id: OID4VCIMachineStates.storeCredentials,\n invoke: {\n src: OID4VCIMachineServices.storeCredentials,\n onDone: {\n target: OID4VCIMachineStates.done,\n },\n onError: {\n target: OID4VCIMachineStates.handleError,\n actions: assign({\n error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_store_credential_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [OID4VCIMachineStates.handleError]: {\n id: OID4VCIMachineStates.handleError,\n on: {\n [OID4VCIMachineEvents.NEXT]: {\n target: OID4VCIMachineStates.error,\n },\n [OID4VCIMachineEvents.PREVIOUS]: {\n target: OID4VCIMachineStates.error,\n },\n },\n },\n [OID4VCIMachineStates.aborted]: {\n id: OID4VCIMachineStates.aborted,\n type: 'final',\n },\n [OID4VCIMachineStates.declined]: {\n id: OID4VCIMachineStates.declined,\n type: 'final',\n },\n [OID4VCIMachineStates.error]: {\n id: OID4VCIMachineStates.error,\n type: 'final',\n },\n [OID4VCIMachineStates.done]: {\n id: OID4VCIMachineStates.done,\n type: 'final',\n },\n },\n })\n}\n\nexport class OID4VCIMachine {\n static async newInstance(opts: OID4VCIMachineInstanceOpts, context: RequiredContext): Promise<{ interpreter: OID4VCIMachineInterpreter }> {\n const interpreter: OID4VCIMachineInterpreter = interpret(\n createOID4VCIMachine(opts).withConfig({\n services: {\n ...opts?.services,\n },\n guards: {\n oid4vciHasNoContactGuard,\n oid4vciCredentialsToSelectRequiredGuard,\n oid4vciRequirePinGuard,\n oid4vciHasNoContactIdentityGuard,\n oid4vciVerificationCodeGuard,\n oid4vciHasContactGuard,\n oid4vciCreateContactGuard,\n oid4vciHasSelectedCredentialsGuard,\n oid4vciRequireAuthorizationGuard,\n oid4vciNoAuthorizationGuard,\n oid4vciHasAuthorizationResponse,\n oid4vciIsOIDFOriginGuard,\n oid4vciContactHasLowTrustGuard,\n oid4vciIsFirstPartyApplication,\n ...opts?.guards,\n },\n }),\n )\n\n if (typeof opts?.subscription === 'function') {\n interpreter.onTransition(opts.subscription)\n }\n if (opts?.requireCustomNavigationHook !== true) {\n if (typeof opts?.stateNavigationListener === 'function') {\n interpreter.onTransition((snapshot: OID4VCIMachineState): void => {\n if (opts?.stateNavigationListener) {\n opts.stateNavigationListener(interpreter, snapshot)\n }\n })\n }\n }\n\n return { interpreter }\n }\n}\n","import i18n, { Scope, TranslateOptions } from 'i18n-js'\nimport memoize from 'lodash.memoize'\nimport { SupportedLanguage } from '../types/IOID4VCIHolder'\n\nclass Localization {\n private static translationGetters: { [locale: string]: () => object } = {\n [SupportedLanguage.ENGLISH]: () => require('./translations/en.json'),\n [SupportedLanguage.DUTCH]: () => require('./translations/nl.json'),\n }\n\n public static translate: any = memoize(\n (key: Scope, config?: TranslateOptions) => {\n // If no LocaleProvider is used we need to load the default locale as the translations will be empty\n if (Object.keys(i18n.translations).length === 0) {\n i18n.translations = {\n [SupportedLanguage.ENGLISH]: Localization.translationGetters[SupportedLanguage.ENGLISH](),\n }\n i18n.locale = SupportedLanguage.ENGLISH\n } else {\n i18n.translations = {\n [i18n.locale]: {\n ...i18n.translations[i18n.locale],\n ...Localization.translationGetters[this.findSupportedLanguage(i18n.locale) \|\| SupportedLanguage.ENGLISH](),\n },\n }\n }\n\n return i18n.t(key, config)\n },\n (key: Scope, config?: TranslateOptions) => (config ? key + JSON.stringify(config) : key),\n )\n\n private static findSupportedLanguage = (locale: string): string \| undefined => {\n for (const language of Object.values(SupportedLanguage)) {\n if (language === locale) {\n return language\n }\n }\n\n return undefined\n }\n\n public static getLocale = (): string => {\n return i18n.locale \|\| SupportedLanguage.ENGLISH\n }\n}\n\nexport const translate = Localization.translate\nexport default Localization\n","import { DynamicRegistrationClientMetadata } from '@sphereon/oid4vc-common'\nimport { OpenID4VCIClientState, OpenID4VCIClientV1_0_15 } from '@sphereon/oid4vci-client'\nimport {\n AuthorizationRequestOpts,\n AuthorizationResponse,\n AuthorizationServerClientOpts,\n AuthzFlowType,\n CredentialConfigurationSupported,\n CredentialOfferRequestWithBaseUrl,\n CredentialResponse,\n CredentialResponseV1_0_15,\n CredentialsSupportedDisplay,\n EndpointMetadataResult,\n ExperimentalSubjectIssuance,\n IssuerCredentialSubject,\n MetadataDisplay,\n NotificationRequest,\n} from '@sphereon/oid4vci-common'\nimport { CreateOrGetIdentifierOpts, IdentifierProviderOpts, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n IIdentifierResolution,\n ManagedIdentifierMethod,\n ManagedIdentifierOptsOrResult,\n ManagedIdentifierResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IContactManager } from '@sphereon/ssi-sdk.contact-manager'\nimport { ICredentialStore } from '@sphereon/ssi-sdk.credential-store'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport {\n DigitalCredential,\n IBasicCredentialClaim,\n IBasicCredentialLocaleBranding,\n IBasicIssuerLocaleBranding,\n Identity,\n IIssuerLocaleBranding,\n Party,\n} from '@sphereon/ssi-sdk.data-store-types'\nimport { IIssuanceBranding } from '@sphereon/ssi-sdk.issuance-branding'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IDidAuthSiopOpAuthenticator } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport {\n HasherSync,\n IVerifiableCredential,\n JoseSignatureAlgorithm,\n JoseSignatureAlgorithmString,\n OriginalVerifiableCredential,\n SdJwtClaimMetadata,\n SdJwtTypeDisplayMetadata,\n W3CVerifiableCredential,\n WrappedVerifiableCredential,\n WrappedVerifiablePresentation,\n} from '@sphereon/ssi-types'\nimport {\n IAgentContext,\n ICredentialIssuer,\n ICredentialVerifier,\n IDIDManager,\n IKeyManager,\n IPluginMethodMap,\n IResolver,\n TAgent,\n TKeyType,\n VerificationPolicies,\n} from '@veramo/core'\nimport { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, TypegenDisabled } from 'xstate'\nimport { FirstPartyMachineStateNavigationListener } from './FirstPartyMachine'\n\nexport interface IOID4VCIHolder extends IPluginMethodMap {\n oid4vciHolderGetIssuerMetadata(args: GetIssuerMetadataArgs, context: RequiredContext): Promise<EndpointMetadataResult>\n\n oid4vciHolderGetMachineInterpreter(args: GetMachineArgs, context: RequiredContext): Promise<OID4VCIMachine> // FIXME is using GetMachineArgs as args but the function uses OID4VCIMachineInstanceOpts\n\n oid4vciHolderStart(args: PrepareStartArgs, context: RequiredContext): Promise<StartResult>\n\n oid4vciHolderCreateCredentialsToSelectFrom(\n args: CreateCredentialsToSelectFromArgs,\n context: RequiredContext,\n ): Promise<Array<CredentialToSelectFromResult>>\n\n oid4vciHolderPrepareAuthorizationRequest(args: PrepareAuthorizationRequestArgs, context: RequiredContext): Promise<PrepareAuthorizationResult>\n oid4vciHolderGetContact(args: GetContactArgs, context: RequiredContext): Promise<Party \| undefined>\n\n oid4vciHolderGetCredentials(args: GetCredentialsArgs, context: RequiredContext): Promise<Array<MappedCredentialToAccept>>\n\n oid4vciHolderGetCredential(args: GetCredentialArgs, context: RequiredContext): Promise<MappedCredentialToAccept>\n\n oid4vciHolderAddContactIdentity(args: AddContactIdentityArgs, context: RequiredContext): Promise<Identity>\n\n oid4vciHolderAssertValidCredentials(args: AssertValidCredentialsArgs, context: RequiredContext): Promise<Array<VerificationResult>>\n\n oid4vciHolderGetIssuerBranding(\n args: GetIssuerBrandingArgs,\n context: RequiredContext,\n ): Promise<Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>>\n\n oid4vciHolderStoreIssuerBranding(args: StoreIssuerBrandingArgs, context: RequiredContext): Promise<void>\n\n oid4vciHolderStoreCredentialBranding(args: StoreCredentialBrandingArgs, context: RequiredContext): Promise<void>\n\n oid4vciHolderStoreCredentials(args: StoreCredentialsArgs, context: RequiredContext): Promise<void>\n}\n\nexport type OID4VCIHolderOptions = {\n onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>\n onCredentialStored?: (args: OnCredentialStoredArgs) => Promise<void>\n onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>\n onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>\n vcFormatPreferences?: Array<string>\n jsonldCryptographicSuitePreferences?: Array<string>\n defaultAuthorizationRequestOptions?: AuthorizationRequestOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n jwtCryptographicSuitePreferences?: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString>\n hasher?: HasherSync\n}\n\nexport type OnContactIdentityCreatedArgs = {\n contactId: string\n identity: Identity\n}\n\nexport type GetIssuerMetadataArgs = {\n issuer: string\n errorOnNotFound?: boolean\n}\n\nexport type OnCredentialStoredArgs = {\n credential: DigitalCredential\n vcHash: string\n}\n\nexport type OnIdentifierCreatedArgs = {\n identifier: ManagedIdentifierResult\n}\n\nexport type GetMachineArgs = {\n requestData: RequestData\n walletType: WalletType\n trustAnchors?: Array<string>\n authorizationRequestOpts?: AuthorizationRequestOpts\n clientOpts?: AuthorizationServerClientOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n issuanceOpt?: Partial<IssuanceOpts>\n stateNavigationListener?: OID4VCIMachineStateNavigationListener\n firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener\n}\n\nexport type PrepareStartArgs = Pick<\n OID4VCIMachineContext,\n 'requestData' \| 'authorizationRequestOpts' \| 'didMethodPreferences' \| 'issuanceOpt' \| 'accessTokenOpts'\n>\nexport type PrepareAuthorizationRequestArgs = Pick<OID4VCIMachineContext, 'openID4VCIClientState' \| 'contact'>\nexport type CreateCredentialsToSelectFromArgs = Pick<\n OID4VCIMachineContext,\n 'credentialsSupported' \| 'credentialBranding' \| 'selectedCredentials' \| 'locale' \| 'openID4VCIClientState'\n>\nexport type GetContactArgs = Pick<OID4VCIMachineContext, 'serverMetadata'>\nexport type GetCredentialsArgs = Pick<\n OID4VCIMachineContext,\n 'verificationCode' \| 'openID4VCIClientState' \| 'selectedCredentials' \| 'didMethodPreferences' \| 'issuanceOpt' \| 'accessTokenOpts' \| 'walletType'\n>\nexport type AddContactIdentityArgs = Pick<OID4VCIMachineContext, 'credentialsToAccept' \| 'contact'>\nexport type GetIssuerBrandingArgs = Pick<OID4VCIMachineContext, 'serverMetadata' \| 'contact'>\nexport type StoreIssuerBrandingArgs = Pick<OID4VCIMachineContext, 'issuerBranding' \| 'contact'>\nexport type AssertValidCredentialsArgs = Pick<OID4VCIMachineContext, 'credentialsToAccept' \| 'issuanceOpt'>\nexport type StoreCredentialBrandingArgs = Pick<\n OID4VCIMachineContext,\n 'serverMetadata' \| 'credentialBranding' \| 'selectedCredentials' \| 'credentialsToAccept'\n>\nexport type StoreCredentialsArgs = Pick<\n OID4VCIMachineContext,\n 'credentialsToAccept' \| 'serverMetadata' \| 'credentialsSupported' \| 'openID4VCIClientState' \| 'selectedCredentials' \| 'issuanceOpt'\n>\nexport type SendNotificationArgs = Pick<\n OID4VCIMachineContext,\n 'credentialsToAccept' \| 'serverMetadata' \| 'credentialsSupported' \| 'openID4VCIClientState'\n> & { notificationRequest?: NotificationRequest; stored: boolean }\nexport type GetFederationTrustArgs = Pick<OID4VCIMachineContext, 'requestData' \| 'trustAnchors' \| 'serverMetadata'>\nexport type StartFirstPartApplicationMachine = Pick<OID4VCIMachineContext, 'openID4VCIClientState' \| 'contact'> & {\n stateNavigationListener?: FirstPartyMachineStateNavigationListener\n}\n\nexport enum OID4VCIHolderEvent {\n CONTACT_IDENTITY_CREATED = 'contact_identity_created',\n CREDENTIAL_STORED = 'credential_stored',\n IDENTIFIER_CREATED = 'identifier_created',\n}\n\nexport type RequestData = {\n credentialOffer?: CredentialOfferRequestWithBaseUrl // This object needs to be created/prepared with the OID4VCI credential offer client\n code?: string // Authorization code\n uri: string // Either a credential offer URI, or issuer URI. If a credential offer URI. If a credential offer URI it is suggested to include the credential offer, otherwise we try to detect it ourselves\n existingClientState?: string // Allows us to start with an existing client state. Meaning someone had a client instance before starting the flow\n createAuthorizationRequestURL?: boolean // Create or do not create an authorization request URL. The default is true\n flowType?: AuthzFlowType // Force a particular flow type if there is an option.\n [x: string]: any\n}\n\nexport enum SupportedLanguage {\n ENGLISH = 'en',\n DUTCH = 'nl',\n}\n\nexport type VerifyCredentialToAcceptArgs = {\n mappedCredential: MappedCredentialToAccept\n onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>\n hasher?: HasherSync\n schemaValidation?: SchemaValidation\n context: RequiredContext\n}\n\nexport type MappedCredentialToAccept = ExperimentalSubjectIssuance & {\n correlationId: string\n types: string[]\n credentialToAccept: CredentialToAccept\n uniformVerifiableCredential: IVerifiableCredential\n rawVerifiableCredential: W3CVerifiableCredential\n}\n\nexport type OID4VCIMachineContext = {\n authorizationRequestOpts?: AuthorizationRequestOpts\n accessTokenOpts?: AccessTokenOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n issuanceOpt?: IssuanceOpts\n trustAnchors: Array<string>\n requestData?: RequestData // TODO WAL-673 fix type as this is not always a qr code (deeplink)\n locale?: string\n authorizationCodeURL?: string\n issuerBranding?: Array<IIssuerLocaleBranding \| IBasicIssuerLocaleBranding>\n credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>>\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n serverMetadata?: EndpointMetadataResult\n openID4VCIClientState?: OpenID4VCIClientState\n credentialToSelectFrom: Array<CredentialToSelectFromResult>\n contactAlias: string\n walletType: WalletType\n contact?: Party\n selectedCredentials: Array<string>\n credentialsToAccept: Array<MappedCredentialToAccept>\n verificationCode?: string // TODO WAL-672 refactor to not store verificationCode in the context\n hasContactConsent: boolean\n trustedAnchors?: Array<string>\n error?: ErrorDetails\n}\n\nexport enum OID4VCIMachineStates {\n start = 'start',\n createCredentialsToSelectFrom = 'createCredentialsToSelectFrom',\n getContact = 'getContact',\n transitionFromSetup = 'transitionFromSetup',\n getFederationTrust = 'getFederationTrust',\n reviewContact = 'reviewContact',\n addContact = 'addContact',\n getIssuerBranding = 'getIssuerBranding',\n storeIssuerBranding = 'storeIssuerBranding',\n addIssuerBrandingAfterIdentity = 'addIssuerBrandingAfterIdentity',\n transitionFromContactSetup = 'transitionFromContactSetup',\n startFirstPartApplicationFlow = 'startFirstPartApplicationFlow',\n selectCredentials = 'selectCredentials',\n transitionFromSelectingCredentials = 'transitionFromSelectingCredentials',\n verifyPin = 'verifyPin',\n prepareAuthorizationRequest = 'prepareAuthorizationRequest',\n initiateAuthorizationRequest = 'initiateAuthorizationRequest',\n waitForAuthorizationResponse = 'waitForAuthorizationResponse',\n getCredentials = 'getCredentials',\n transitionFromWalletInput = 'transitionFromWalletInput',\n addContactIdentity = 'addContactIdentity',\n reviewCredentials = 'reviewCredentials',\n verifyCredentials = 'verifyCredentials',\n storeCredentialBranding = 'storeCredentialBranding',\n storeCredentials = 'storeCredentials',\n handleError = 'handleError',\n aborted = 'aborted',\n declined = 'declined',\n error = 'error',\n done = 'done',\n}\n\nexport enum OID4VCIMachineAddContactStates {\n idle = 'idle',\n next = 'next',\n}\n\nexport enum OID4VCIMachineVerifyPinStates {\n idle = 'idle',\n next = 'next',\n}\n\nexport type OID4VCIMachineInterpreter = Interpreter<\n OID4VCIMachineContext,\n any,\n OID4VCIMachineEventTypes,\n { value: any; context: OID4VCIMachineContext },\n any\n>\n\nexport type OID4VCIMachineState = State<\n OID4VCIMachineContext,\n OID4VCIMachineEventTypes,\n any,\n {\n value: any\n context: OID4VCIMachineContext\n },\n any\n>\n\nexport type OID4VCIStateMachine = StateMachine<\n OID4VCIMachineContext,\n any,\n OID4VCIMachineEventTypes,\n { value: any; context: OID4VCIMachineContext },\n BaseActionObject,\n ServiceMap,\n ResolveTypegenMeta<TypegenDisabled, OID4VCIMachineEventTypes, BaseActionObject, ServiceMap>\n>\n\nexport type CreateOID4VCIMachineOpts = {\n requestData: RequestData\n walletType: WalletType\n machineName?: string\n locale?: string\n trustAnchors?: Array<string>\n stateDefinition?: OID4VCIMachineState\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n accessTokenOpts?: AccessTokenOpts\n issuanceOpt?: IssuanceOpts\n}\n\nexport type OID4VCIMachineStateNavigationListener = (\n oid4vciMachine: OID4VCIMachineInterpreter,\n state: OID4VCIMachineState,\n navigation?: any,\n) => Promise<void>\n\nexport type OID4VCIMachineInstanceOpts = {\n services?: any\n guards?: any\n subscription?: () => void\n requireCustomNavigationHook?: boolean\n authorizationRequestOpts?: AuthorizationRequestOpts\n didMethodPreferences?: Array<SupportedDidMethodEnum>\n issuanceOpt?: IssuanceOpts // restrict the issuance to these opts\n stateNavigationListener?: OID4VCIMachineStateNavigationListener\n firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener\n} & CreateOID4VCIMachineOpts\n\nexport type OID4VCIProviderProps = {\n children?: any\n customOID4VCIInstance?: OID4VCIMachineInterpreter\n}\n\nexport type OID4VCIContext = {\n oid4vciInstance?: OID4VCIMachineInterpreter\n}\n\nexport type OID4VCIMachineNavigationArgs = {\n oid4vciMachine: OID4VCIMachineInterpreter\n state: OID4VCIMachineState\n navigation: any\n onNext?: () => void\n onBack?: () => void\n}\n\nexport enum OID4VCIMachineEvents {\n NEXT = 'NEXT',\n PREVIOUS = 'PREVIOUS',\n DECLINE = 'DECLINE',\n CREATE_CONTACT = 'CREATE_CONTACT',\n SET_VERIFICATION_CODE = 'SET_VERIFICATION_CODE',\n SET_CONTACT_ALIAS = 'SET_CONTACT_ALIAS',\n SET_CONTACT_CONSENT = 'SET_CONTACT_CONSENT',\n SET_SELECTED_CREDENTIALS = 'SET_SELECTED_CREDENTIALS',\n SET_AUTHORIZATION_CODE_URL = 'SET_AUTHORIZATION_CODE_URL',\n INVOKED_AUTHORIZATION_CODE_REQUEST = 'INVOKED_AUTHORIZATION_CODE_REQUEST',\n PROVIDE_AUTHORIZATION_CODE_RESPONSE = 'PROVIDE_AUTHORIZATION_CODE_RESPONSE',\n}\n\nexport enum OID4VCIMachineGuards {\n hasContactGuard = 'oid4vciHasContactGuard',\n hasNoContactGuard = 'oid4vciHasNoContactGuard',\n credentialsToSelectRequiredGuard = 'oid4vciCredentialsToSelectRequiredGuard',\n requirePinGuard = 'oid4vciRequirePinGuard',\n requireAuthorizationGuard = 'oid4vciRequireAuthorizationGuard',\n noAuthorizationGuard = 'oid4vciNoAuthorizationGuard',\n hasNonceEndpointGuard = 'oid4vciHasNonceEndpointGuard ',\n hasAuthorizationResponse = 'oid4vciHasAuthorizationResponse',\n hasNoContactIdentityGuard = 'oid4vciHasNoContactIdentityGuard',\n verificationCodeGuard = 'oid4vciVerificationCodeGuard',\n createContactGuard = 'oid4vciCreateContactGuard',\n hasSelectedCredentialsGuard = 'oid4vciHasSelectedCredentialsGuard',\n isOIDFOriginGuard = 'oid4vciIsOIDFOriginGuard',\n contactHasLowTrustGuard = 'oid4vciContactHasLowTrustGuard',\n isFirstPartyApplication = 'oid4vciIsFirstPartyApplication',\n}\n\nexport enum OID4VCIMachineServices {\n start = 'start',\n getContact = 'getContact',\n getFederationTrust = 'getFederationTrust',\n addContactIdentity = 'addContactIdentity',\n createCredentialsToSelectFrom = 'createCredentialsToSelectFrom',\n prepareAuthorizationRequest = 'prepareAuthorizationRequest',\n getIssuerBranding = 'getIssuerBranding',\n storeIssuerBranding = 'storeIssuerBranding',\n getCredentials = 'getCredentials',\n assertValidCredentials = 'assertValidCredentials',\n storeCredentialBranding = 'storeCredentialBranding',\n sendNotification = 'sendNotification',\n storeCredentials = 'storeCredentials',\n startFirstPartApplicationFlow = 'startFirstPartApplicationFlow',\n}\n\nexport type OID4VCIMachineServiceDefinitions = Record<keyof typeof OID4VCIMachineServices, (...args: Array<any>) => any>\n\nexport type NextEvent = { type: OID4VCIMachineEvents.NEXT }\nexport type PreviousEvent = { type: OID4VCIMachineEvents.PREVIOUS }\nexport type DeclineEvent = { type: OID4VCIMachineEvents.DECLINE }\nexport type CreateContactEvent = { type: OID4VCIMachineEvents.CREATE_CONTACT; data: Party }\nexport type SelectCredentialsEvent = { type: OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS; data: Array<string> }\nexport type VerificationCodeEvent = { type: OID4VCIMachineEvents.SET_VERIFICATION_CODE; data: string }\nexport type ContactConsentEvent = { type: OID4VCIMachineEvents.SET_CONTACT_CONSENT; data: boolean }\nexport type ContactAliasEvent = { type: OID4VCIMachineEvents.SET_CONTACT_ALIAS; data: string }\nexport type SetAuthorizationCodeURLEvent = { type: OID4VCIMachineEvents.SET_AUTHORIZATION_CODE_URL; data: string }\nexport type InvokeAuthorizationRequestEvent = { type: OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST; data: string }\nexport type AuthorizationResponseEvent = { type: OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE; data: string \| AuthorizationResponse }\n\nexport type OID4VCIMachineEventTypes =\n \| NextEvent\n \| PreviousEvent\n \| DeclineEvent\n \| CreateContactEvent\n \| SelectCredentialsEvent\n \| VerificationCodeEvent\n \| ContactConsentEvent\n \| ContactAliasEvent\n \| SetAuthorizationCodeURLEvent\n \| InvokeAuthorizationRequestEvent\n \| AuthorizationResponseEvent\n\nexport type ErrorDetails = {\n title: string\n message: string\n // TODO WAL-676 would be nice if we can bundle these details fields into a new type so that we can check on this field instead of the 2 separately\n detailsTitle?: string\n detailsMessage?: string\n stack?: string\n}\n\nexport enum RequestType {\n OPENID_INITIATE_ISSUANCE = 'openid-initiate-issuance',\n OPENID_CREDENTIAL_OFFER = 'openid-credential-offer',\n URL = 'URL',\n}\n\nexport type CredentialToSelectFromResult = ExperimentalSubjectIssuance & {\n id: string\n credentialId: string\n credentialTypes: Array<string>\n credentialAlias: string\n isSelected: boolean\n}\n\nexport type OID4VCIMachine = {\n interpreter: OID4VCIMachineInterpreter\n}\n\nexport type StartResult = {\n credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>>\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n serverMetadata: EndpointMetadataResult\n oid4vciClientState: OpenID4VCIClientState\n}\n\nexport type PrepareAuthorizationResult = {\n authorizationCodeURL?: string\n oid4vciClientState: OpenID4VCIClientState\n}\n\nexport type SelectAppLocaleBrandingArgs = {\n locale?: string\n localeBranding?: Array<IBasicCredentialLocaleBranding \| IBasicIssuerLocaleBranding>\n}\n\nexport type IssuanceOpts = CredentialConfigurationSupported & {\n credentialConfigurationId?: string // Explicit ID for a credential\n supportedBindingMethods: ManagedIdentifierMethod[]\n supportedPreferredDidMethod?: SupportedDidMethodEnum\n schemaValidation?: SchemaValidation\n // todo: rename, now we have generic identifiers\n identifier?: ManagedIdentifierOptsOrResult\n // todo: replace by signature alg, so we can determine applicable key types instead of determining up front. Use proof_types_supported\n keyType?: TKeyType\n codecName?: string\n kms?: string\n}\n\nexport type VerificationResult = {\n result: boolean\n source: WrappedVerifiableCredential \| WrappedVerifiablePresentation\n subResults: Array<VerificationSubResult>\n error?: string \| undefined\n errorDetails?: string\n}\n\nexport type VerificationSubResult = {\n result: boolean\n error?: string\n errorDetails?: string\n}\n\nexport type CredentialToAccept = {\n id?: string\n types: string[]\n issuanceOpt: IssuanceOpts\n credentialResponse: CredentialResponseV1_0_15 \| CredentialResponse\n}\n\nexport type GetCredentialConfigsSupportedArgs = {\n client: OpenID4VCIClientV1_0_15\n vcFormatPreferences: Array<string>\n format?: Array<string>\n types?: Array<Array<string>>\n configurationIds?: Array<string>\n}\n\n/*\n Please note that this method is restricting the results to one set of types or configurationId.\n * It can potentially return multiple results mainly because of different formats.\n /\nexport type GetCredentialConfigsSupportedBySingleTypeOrIdArgs = {\n client: OpenID4VCIClientV1_0_15\n vcFormatPreferences: Array<string>\n format?: string[]\n types?: string[]\n configurationId?: string\n}\n\nexport type GetCredentialBrandingArgs = {\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n context: RequiredContext\n}\n\nexport type GetBasicIssuerLocaleBrandingArgs = {\n display: MetadataDisplay[]\n dynamicRegistrationClientMetadata?: DynamicRegistrationClientMetadataDisplay\n context: RequiredContext\n}\n\nexport type GetPreferredCredentialFormatsArgs = {\n credentials: Record<string, CredentialConfigurationSupported>\n vcFormatPreferences: Array<string>\n}\n\nexport type MapCredentialToAcceptArgs = {\n credentialToAccept: CredentialToAccept\n hasher?: HasherSync\n}\n\nexport type GetDefaultIssuanceOptsArgs = {\n credentialSupported: CredentialConfigurationSupported\n opts: DefaultIssuanceOpts\n context: RequiredContext\n}\n\nexport type DefaultIssuanceOpts = {\n client: OpenID4VCIClientV1_0_15\n}\n\nexport type GetIdentifierArgs = {\n issuanceOpt: IssuanceOpts\n context: RequiredContext\n}\n\nexport type GetAuthenticationKeyArgs = {\n identifier: ManagedIdentifierOptsOrResult\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n context: IAgentContext<IResolver & IDIDManager & IKeyManager>\n}\n\nexport type GetOrCreatePrimaryIdentifierArgs = {\n context: RequiredContext\n opts?: CreateOrGetIdentifierOpts\n}\n\nexport type CreateIdentifierArgs = {\n context: RequiredContext\n opts?: CreateIdentifierOpts\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type GetIssuanceOptsArgs = {\n client: OpenID4VCIClientV1_0_15\n credentialsSupported: Record<string, CredentialConfigurationSupported>\n serverMetadata: EndpointMetadataResult\n context: RequiredContext\n didMethodPreferences: Array<SupportedDidMethodEnum>\n jwtCryptographicSuitePreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString>\n jsonldCryptographicSuitePreferences: Array<string>\n forceIssuanceOpt?: IssuanceOpts\n}\n\nexport type GetIssuanceDidMethodArgs = {\n credentialSupported: CredentialConfigurationSupported\n client: OpenID4VCIClientV1_0_15\n didMethodPreferences: Array<SupportedDidMethodEnum>\n}\n\nexport type GetIssuanceCryptoSuiteArgs = {\n credentialSupported: CredentialConfigurationSupported\n client: OpenID4VCIClientV1_0_15\n jwtCryptographicSuitePreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString>\n jsonldCryptographicSuitePreferences: Array<string>\n}\n\nexport type GetCredentialArgs = {\n pin?: string\n issuanceOpt: IssuanceOpts\n client: OpenID4VCIClientV1_0_15\n accessTokenOpts?: AccessTokenOpts\n}\n\nexport type AccessTokenOpts = {\n additionalRequestParams?: Record<string, any>\n clientOpts?: AuthorizationServerClientOpts\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport type CredentialVerificationError = {\n error?: string\n errorDetails?: string\n}\n\nexport type VerifyMdocArgs = { credential: string }\n\nexport type VerifySDJWTCredentialArgs = { credential: string; hasher?: HasherSync }\n\nexport interface VerifyCredentialArgs {\n credential: OriginalVerifiableCredential\n fetchRemoteContexts?: boolean\n policies?: VerificationPolicies\n\n [x: string]: any\n}\n\nexport type IssuerType = 'RootTAO' \| 'TAO' \| 'TI' \| 'Revoked or Undefined'\n\nexport type VerifyEBSICredentialIssuerArgs = {\n wrappedVc: WrappedVerifiableCredential\n issuerType?: IssuerType[]\n}\n\nexport type Attribute = {\n hash: string\n body: string\n issuerType: IssuerType\n tao: string\n rootTao: string\n}\n\nexport type VerifyEBSICredentialIssuerResult = {\n did: string\n attributes: Attribute[]\n}\n\nexport type Oid4vciCredentialLocaleBrandingFromArgs = {\n credentialDisplay: CredentialsSupportedDisplay\n}\n\nexport type SdJwtCredentialLocaleBrandingFromArgs = {\n credentialDisplay: SdJwtTypeDisplayMetadata\n}\n\nexport type SdJwtGetCredentialBrandingFromArgs = {\n credentialDisplay?: Array<SdJwtTypeDisplayMetadata>\n claimsMetadata?: Array<SdJwtClaimMetadata>\n}\n\nexport type SdJwtCredentialClaimLocalesFromArgs = {\n claimsMetadata: Array<SdJwtClaimMetadata>\n}\n\nexport type IssuerLocaleBrandingFromArgs = {\n issuerDisplay: MetadataDisplay\n dynamicRegistrationClientMetadata?: DynamicRegistrationClientMetadataDisplay\n}\n\nexport type Oid4vciGetCredentialBrandingFromArgs = {\n credentialDisplay?: Array<CredentialsSupportedDisplay>\n issuerCredentialSubject?: IssuerCredentialSubject\n}\n\nexport type Oid4vciCredentialDisplayLocalesFromArgs = {\n credentialDisplay: Array<CredentialsSupportedDisplay>\n}\n\nexport type SdJwtCredentialDisplayLocalesFromArgs = {\n credentialDisplay: Array<SdJwtTypeDisplayMetadata>\n}\n\nexport type Oid4vciIssuerCredentialSubjectLocalesFromArgs = {\n issuerCredentialSubject: IssuerCredentialSubject\n}\n\nexport type Oid4vciCombineDisplayLocalesFromArgs = {\n credentialDisplayLocales?: Map<string, CredentialsSupportedDisplay>\n issuerCredentialSubjectLocales?: Map<string, Array<IBasicCredentialClaim>>\n}\n\nexport type SdJwtCombineDisplayLocalesFromArgs = {\n credentialDisplayLocales?: Map<string, SdJwtTypeDisplayMetadata>\n claimsMetadata?: Map<string, Array<IBasicCredentialClaim>>\n}\n\nexport type DynamicRegistrationClientMetadataDisplay = Pick<\n DynamicRegistrationClientMetadata,\n 'client_name' \| 'client_uri' \| 'contacts' \| 'tos_uri' \| 'policy_uri' \| 'logo_uri'\n>\n\nexport type WalletType = 'NATURAL_PERSON' \| 'ORGANIZATIONAL'\n\nexport type DidAgents = TAgent<IResolver & IDIDManager>\n\nexport type RequiredContext = IAgentContext<\n IIssuanceBranding &\n IContactManager &\n ICredentialValidation &\n ICredentialVerifier &\n ICredentialIssuer &\n ICredentialStore &\n IIdentifierResolution &\n IJwtService &\n IDIDManager &\n IResolver &\n IKeyManager &\n ISDJwtPlugin &\n ImDLMdoc &\n IDidAuthSiopOpAuthenticator\n>\n","import { RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop'\nimport { OpenID4VCIClientState } from '@sphereon/oid4vci-client'\nimport { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'\nimport { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'\nimport { DidAuthConfig, Party } from '@sphereon/ssi-sdk.data-store-types'\nimport { IIdentifier } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, StatesConfig, TypegenDisabled } from 'xstate'\nimport { ErrorDetails, RequiredContext } from './IOID4VCIHolder'\n\nexport enum FirstPartyMachineStateTypes {\n sendAuthorizationChallengeRequest = 'sendAuthorizationChallengeRequest',\n sendAuthorizationResponse = 'sendAuthorizationResponse',\n selectCredentials = 'selectCredentials',\n createConfig = 'createConfig',\n getSiopRequest = 'getSiopRequest',\n error = 'error',\n done = 'done',\n aborted = 'aborted',\n declined = 'declined',\n}\n\nexport enum FirstPartyMachineServices {\n sendAuthorizationChallengeRequest = 'sendAuthorizationChallengeRequest',\n sendAuthorizationResponse = 'sendAuthorizationResponse',\n createConfig = 'createConfig',\n getSiopRequest = 'getSiopRequest',\n}\n\nexport type FirstPartyMachineStates = Record<FirstPartyMachineStateTypes, {}>\n\nexport type FirstPartyMachineContext = {\n openID4VCIClientState: OpenID4VCIClientState\n selectedCredentials: Array<UniqueDigitalCredential>\n contact: Party\n authSession?: string\n presentationUri?: string\n identifier?: IIdentifier\n didAuthConfig?: Omit<DidAuthConfig, 'identifier'>\n authorizationRequestData?: SiopV2AuthorizationRequestData\n presentationDuringIssuanceSession?: string\n authorizationCodeResponse?: AuthorizationChallengeCodeResponse\n error?: ErrorDetails\n}\n\nexport enum FirstPartyMachineEvents {\n NEXT = 'NEXT',\n PREVIOUS = 'PREVIOUS',\n DECLINE = 'DECLINE',\n SET_SELECTED_CREDENTIALS = 'SET_SELECTED_CREDENTIALS',\n}\n\nexport type FirstPartyNextEvent = { type: FirstPartyMachineEvents.NEXT }\nexport type FirstPartyPreviousEvent = { type: FirstPartyMachineEvents.PREVIOUS }\nexport type FirstPartyDeclineEvent = { type: FirstPartyMachineEvents.DECLINE }\nexport type FirstPartySelectCredentialsEvent = {\n type: FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS\n data: Array<UniqueDigitalCredential>\n}\n\nexport type FirstPartyMachineEventTypes = FirstPartyNextEvent \| FirstPartyPreviousEvent \| FirstPartyDeclineEvent \| FirstPartySelectCredentialsEvent\n\nexport type FirstPartyMachineStatesConfig = StatesConfig<\n FirstPartyMachineContext,\n {\n states: FirstPartyMachineStates\n },\n FirstPartyMachineEventTypes,\n any\n>\n\nexport type CreateFirstPartyMachineOpts = {\n openID4VCIClientState: OpenID4VCIClientState\n contact: Party\n agentContext: RequiredContext\n machineId?: string\n}\n\nexport type FirstPartyStateMachine = StateMachine<\n FirstPartyMachineContext,\n any,\n FirstPartyMachineEventTypes,\n {\n value: any\n context: FirstPartyMachineContext\n },\n BaseActionObject,\n ServiceMap,\n ResolveTypegenMeta<TypegenDisabled, FirstPartyMachineEventTypes, BaseActionObject, ServiceMap>\n>\n\nexport type FirstPartyMachineInterpreter = Interpreter<\n FirstPartyMachineContext,\n any,\n FirstPartyMachineEventTypes,\n {\n value: any\n context: FirstPartyMachineContext\n },\n any\n>\n\nexport type FirstPartyMachineStateNavigationListener = (\n firstPartyMachine: FirstPartyMachineInterpreter,\n state: FirstPartyMachineState,\n navigation?: any,\n) => Promise<void>\n\nexport type InstanceFirstPartyMachineOpts = {\n services?: any\n guards?: any\n subscription?: () => void\n requireCustomNavigationHook?: boolean\n stateNavigationListener?: FirstPartyMachineStateNavigationListener\n} & CreateFirstPartyMachineOpts\n\nexport type FirstPartyMachineState = State<\n FirstPartyMachineContext,\n FirstPartyMachineEventTypes,\n any,\n {\n value: any\n context: FirstPartyMachineContext\n },\n any\n>\n\nexport type FirstPartyMachineServiceDefinitions = Record<keyof typeof FirstPartyMachineServices, (...args: Array<any>) => any>\n\nexport type SendAuthorizationChallengeRequestArgs = Pick<\n FirstPartyMachineContext,\n 'openID4VCIClientState' \| 'authSession' \| 'presentationDuringIssuanceSession'\n>\n\nexport type SendAuthorizationResponseArgs = Pick<\n FirstPartyMachineContext,\n 'authSession' \| 'presentationUri' \| 'didAuthConfig' \| 'authorizationRequestData' \| 'selectedCredentials'\n>\n\nexport type CreateConfigArgs = Pick<FirstPartyMachineContext, 'presentationUri' \| 'identifier'>\n\nexport type GetSiopRequestArgs = Pick<FirstPartyMachineContext, 'didAuthConfig' \| 'presentationUri'>\n\nexport type SiopV2AuthorizationRequestData = {\n correlationId: string\n registrationMetadataPayload: RPRegistrationMetadataPayload\n issuer?: string\n name?: string\n uri?: URL\n clientIdScheme?: string\n clientId?: string\n entityId?: string\n dcqlQuery: DcqlQuery\n}\n\nexport type FirstPartyMachineNavigationArgs = {\n firstPartyMachine: FirstPartyMachineInterpreter\n state: FirstPartyMachineState\n navigation: any\n onNext?: () => void\n onBack?: () => void\n}\n","import { LOG } from '@sphereon/oid4vci-client'\nimport {\n AuthorizationChallengeCodeResponse,\n CredentialConfigurationSupported,\n CredentialConfigurationSupportedSdJwtVcV1_0_15,\n CredentialResponse,\n CredentialResponseV1_0_15,\n CredentialSupportedSdJwtVc,\n getSupportedCredentials,\n getTypesFromCredentialSupported,\n getTypesFromObject,\n MetadataDisplay,\n} from '@sphereon/oid4vci-common'\nimport { KeyUse } from '@sphereon/ssi-sdk-ext.did-resolver-jwk'\nimport { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isIIdentifier,\n isManagedIdentifierDidResult,\n isManagedIdentifierResult,\n ManagedIdentifierMethod,\n ManagedIdentifierResult,\n managedIdentifierToJwk,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { keyTypeFromCryptographicSuite } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store-types'\nimport {\n CredentialMapper,\n Hasher,\n IVerifiableCredential,\n JoseSignatureAlgorithm,\n JoseSignatureAlgorithmString,\n mdocDecodedCredentialToUniformCredential,\n OriginalVerifiableCredential,\n sdJwtDecodedCredentialToUniformCredential,\n SdJwtDecodedVerifiableCredential,\n SdJwtTypeMetadata,\n W3CVerifiableCredential,\n WrappedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { asArray } from '@veramo/utils'\nimport { translate } from '../localization/Localization'\nimport { FirstPartyMachine } from '../machines/firstPartyMachine'\nimport { issuerLocaleBrandingFrom, oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'\nimport { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'\nimport {\n DidAgents,\n GetBasicIssuerLocaleBrandingArgs,\n GetCredentialBrandingArgs,\n GetCredentialConfigsSupportedArgs,\n GetCredentialConfigsSupportedBySingleTypeOrIdArgs,\n GetIdentifierArgs,\n GetIssuanceCryptoSuiteArgs,\n GetIssuanceDidMethodArgs,\n GetIssuanceOptsArgs,\n GetPreferredCredentialFormatsArgs,\n IssuanceOpts,\n MapCredentialToAcceptArgs,\n MappedCredentialToAccept,\n OID4VCIHolderEvent,\n RequiredContext,\n SelectAppLocaleBrandingArgs,\n StartFirstPartApplicationMachine,\n VerificationResult,\n VerifyCredentialToAcceptArgs,\n} from '../types/IOID4VCIHolder'\n\nexport const getCredentialBranding = async (args: GetCredentialBrandingArgs): Promise<Record<string, Array<IBasicCredentialLocaleBranding>>> => {\n const { credentialsSupported, context } = args\n const credentialBranding: Record<string, Array<IBasicCredentialLocaleBranding>> = {}\n await Promise.all(\n Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]): Promise<void> => {\n let sdJwtTypeMetadata: SdJwtTypeMetadata \| undefined\n if (credentialsConfigSupported.format === 'dc+sd-jwt') {\n const vct = (<CredentialSupportedSdJwtVc \| CredentialConfigurationSupportedSdJwtVcV1_0_15>credentialsConfigSupported).vct\n if (vct.startsWith('http')) {\n try {\n sdJwtTypeMetadata = await context.agent.fetchSdJwtTypeMetadataFromVctUrl({ vct })\n } catch {\n // For now, we are just going to ignore and continue without any branding as we still have a fallback\n }\n }\n }\n let mappedLocaleBranding: Array<IBasicCredentialLocaleBranding> = []\n if (sdJwtTypeMetadata) {\n mappedLocaleBranding = await sdJwtGetCredentialBrandingFrom({\n credentialDisplay: sdJwtTypeMetadata.display,\n claimsMetadata: sdJwtTypeMetadata.claims,\n })\n } else {\n mappedLocaleBranding = await oid4vciGetCredentialBrandingFrom({\n credentialDisplay: credentialsConfigSupported.display,\n issuerCredentialSubject:\n // @ts-ignore // FIXME SPRIND-123 add proper support for type recognition as claim display can be located elsewhere for v13\n credentialsSupported.claims !== undefined ? credentialsConfigSupported.claims : credentialsConfigSupported.credentialSubject,\n })\n }\n // TODO we should make the mapper part of the plugin, so that the logic for getting the branding becomes more clear and easier to use\n const localeBranding = await Promise.all(\n mappedLocaleBranding.map(\n async (localeBranding): Promise<IBasicCredentialLocaleBranding> => await context.agent.ibCredentialLocaleBrandingFrom({ localeBranding }),\n ),\n )\n const defaultCredentialType = 'VerifiableCredential'\n const configSupportedTypes = getTypesFromCredentialSupported(credentialsConfigSupported)\n const credentialTypes: Array<string> = configSupportedTypes.length === 0 ? asArray(defaultCredentialType) : configSupportedTypes\n const filteredCredentialTypes = credentialTypes.filter((type: string): boolean => type !== defaultCredentialType)\n credentialBranding[filteredCredentialTypes[0]] = localeBranding // TODO for now taking the first type\n }),\n )\n\n return credentialBranding\n}\n\nexport const getBasicIssuerLocaleBranding = async (args: GetBasicIssuerLocaleBrandingArgs): Promise<Array<IBasicIssuerLocaleBranding>> => {\n const { display, dynamicRegistrationClientMetadata, context } = args\n return await Promise.all(\n display.map(async (issuerDisplay: MetadataDisplay): Promise<IBasicIssuerLocaleBranding> => {\n // FIXME for now we do not have locale support for dynamicRegistrationClientMetadata, so we add all the metadata to every locale\n const branding = await issuerLocaleBrandingFrom({ issuerDisplay, dynamicRegistrationClientMetadata })\n return context.agent.ibIssuerLocaleBrandingFrom({ localeBranding: branding })\n }),\n )\n}\n\nexport const getCredentialConfigsBasedOnFormatPref = async (\n args: GetPreferredCredentialFormatsArgs,\n): Promise<Record<string, CredentialConfigurationSupported>> => {\n const { vcFormatPreferences, credentials } = args\n const prefConfigs = {} as Record<string, CredentialConfigurationSupported>\n Object.entries(credentials).forEach(([key, config]) => {\n const result = !config.format \|\| vcFormatPreferences.map((pref) => pref.toLowerCase()).includes(config.format.toLowerCase())\n if (result) {\n prefConfigs[key] = config\n }\n })\n\n return prefConfigs\n}\n\nexport const selectCredentialLocaleBranding = async (\n args: SelectAppLocaleBrandingArgs,\n): Promise<IBasicCredentialLocaleBranding \| IBasicIssuerLocaleBranding \| undefined> => {\n const { locale, localeBranding } = args\n\n return localeBranding?.find(\n (branding: IBasicCredentialLocaleBranding \| IBasicIssuerLocaleBranding) =>\n locale ? branding.locale?.startsWith(locale) \|\| branding.locale === undefined : branding.locale === undefined, // TODO refactor as we have duplicate code\n )\n}\n\nexport const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArgs): Promise<VerificationResult> => {\n const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args\n\n const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse)\n\n const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, { hasher: hasher ?? defaultHasher })\n if (\n wrappedVC.decoded?.iss?.includes('did:ebsi:') \|\|\n (typeof wrappedVC.decoded?.vc?.issuer === 'string'\n ? wrappedVC.decoded?.vc?.issuer?.includes('did:ebsi:')\n : wrappedVC.decoded?.vc?.issuer?.existingInstanceId?.includes('did:ebsi:'))\n ) {\n // TODO: Skipping VC validation for EBSI conformance issued credential, as their Issuer is not present in the ledger (sigh)\n // just calling the verifySchema functionality for ebsi credentials\n await context.agent.cvVerifySchema({ credential, hasher, validationPolicy: schemaValidation })\n if (JSON.stringify(wrappedVC.decoded).includes('vc:ebsi:conformance')) {\n return { source: wrappedVC, error: undefined, result: true, subResults: [] } satisfies VerificationResult\n }\n\n if (onVerifyEBSICredentialIssuer) {\n try {\n await onVerifyEBSICredentialIssuer({\n wrappedVc: wrappedVC,\n })\n } catch (e) {\n return { source: wrappedVC, error: e.message, result: true, subResults: [] } satisfies VerificationResult\n }\n }\n }\n\n const verificationResult: VerificationResult = await context.agent.cvVerifyCredential({\n credential,\n hasher,\n // TODO WAL-675 we might want to allow these types of options as part of the context, now we have state machines. Allows us to pre-determine whether these policies apply and whether remote context should be fetched\n fetchRemoteContexts: true,\n policies: {\n schemaValidation: schemaValidation,\n credentialStatus: false,\n expirationDate: false,\n issuanceDate: false,\n },\n })\n\n if (!verificationResult.result \|\| verificationResult.error) {\n return Promise.reject(Error(verificationResult.error ?? translate('oid4vci_machine_credential_verification_failed_message')))\n }\n return verificationResult\n}\n\nexport const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Promise<MappedCredentialToAccept> => {\n const { credentialToAccept, hasher } = args\n\n const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse) as W3CVerifiableCredential\n\n const wrappedVerifiableCredential: WrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(\n verifiableCredential as OriginalVerifiableCredential,\n { hasher },\n )\n let uniformVerifiableCredential: IVerifiableCredential\n if (CredentialMapper.isSdJwtDecodedCredential(wrappedVerifiableCredential.credential)) {\n uniformVerifiableCredential = sdJwtDecodedCredentialToUniformCredential(<SdJwtDecodedVerifiableCredential>wrappedVerifiableCredential.credential)\n } else if (CredentialMapper.isSdJwtEncoded(wrappedVerifiableCredential.credential)) {\n if (!hasher) {\n return Promise.reject('a hasher is required for encoded SD-JWT credentials')\n }\n const asyncHasher: Hasher = (data: string \| ArrayBuffer \| SharedArrayBuffer, algorithm: string) => Promise.resolve(hasher(data, algorithm))\n const decodedSdJwt = await CredentialMapper.decodeSdJwtVcAsync(wrappedVerifiableCredential.credential, asyncHasher)\n uniformVerifiableCredential = sdJwtDecodedCredentialToUniformCredential(<SdJwtDecodedVerifiableCredential>decodedSdJwt)\n } else if (CredentialMapper.isMsoMdocDecodedCredential(wrappedVerifiableCredential.credential)) {\n uniformVerifiableCredential = mdocDecodedCredentialToUniformCredential(wrappedVerifiableCredential.credential)\n } else {\n uniformVerifiableCredential = <IVerifiableCredential>wrappedVerifiableCredential.credential\n }\n\n const correlationId: string =\n typeof uniformVerifiableCredential.issuer === 'string'\n ? uniformVerifiableCredential.issuer\n : CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential)\n ? uniformVerifiableCredential.decodedPayload.iss\n : uniformVerifiableCredential.issuer.id\n\n const credentialResponse = credentialToAccept.credentialResponse as CredentialResponseV1_0_15\n return {\n correlationId,\n credentialToAccept,\n types: credentialToAccept.types,\n rawVerifiableCredential: verifiableCredential,\n uniformVerifiableCredential,\n ...(credentialResponse.credential_subject_issuance && { credential_subject_issuance: credentialResponse.credential_subject_issuance }),\n }\n}\n\nexport const extractCredentialFromResponse = (credentialResponse: CredentialResponse): OriginalVerifiableCredential => {\n let credential: OriginalVerifiableCredential \| undefined\n\n if ('credential' in credentialResponse) {\n credential = credentialResponse.credential as OriginalVerifiableCredential\n } else if (\n 'credentials' in credentialResponse &&\n credentialResponse.credentials &&\n Array.isArray(credentialResponse.credentials) &&\n credentialResponse.credentials.length > 0\n ) {\n credential = credentialResponse.credentials[0].credential as OriginalVerifiableCredential // FIXME SSISDK-13 (no multi-credential support yet)\n }\n\n if (!credential) {\n throw new Error('No credential found in credential response')\n }\n\n return credential\n}\n\nexport const getIdentifierOpts = async (args: GetIdentifierArgs): Promise<ManagedIdentifierResult> => {\n const { issuanceOpt, context } = args\n const { identifier: identifierArg } = issuanceOpt\n if (identifierArg && isManagedIdentifierResult(identifierArg)) {\n return identifierArg\n }\n const {\n supportedPreferredDidMethod,\n supportedBindingMethods,\n keyType = 'Secp256r1',\n kms = await context.agent.keyManagerGetDefaultKeyManagementSystem(),\n } = issuanceOpt\n let identifier: ManagedIdentifierResult\n\n if (identifierArg) {\n if (isIIdentifier(identifierArg.identifier)) {\n identifier = await context.agent.identifierManagedGet(identifierArg)\n } else if (!identifierArg.method && issuanceOpt.supportedBindingMethods.includes('jwk')) {\n identifier = await managedIdentifierToJwk(identifierArg, context)\n } else if (identifierArg.method && !supportedBindingMethods.includes(identifierArg.method)) {\n throw Error(`Supplied identifier method ${identifierArg.method} not supported by the issuer: ${supportedBindingMethods.join(',')}`)\n } else {\n identifier = await context.agent.identifierManagedGet(identifierArg)\n }\n }\n const agentContext = { ...context, agent: context.agent as DidAgents }\n\n if (\n (!identifierArg \|\| isIIdentifier(identifierArg.identifier)) &&\n supportedPreferredDidMethod &&\n (!supportedBindingMethods \|\| supportedBindingMethods.length === 0 \|\| supportedBindingMethods.filter((method) => method.startsWith('did')))\n ) {\n // previous code for managing DIDs only\n const { result, created } = await getOrCreatePrimaryIdentifier(agentContext, {\n method: supportedPreferredDidMethod,\n createOpts: {\n options: {\n type: issuanceOpt.keyType,\n use: KeyUse.Signature,\n codecName: issuanceOpt.codecName,\n kms: issuanceOpt.kms,\n },\n },\n })\n identifier = await context.agent.identifierManagedGetByDid({\n identifier: result,\n keyType,\n offlineWhenNoDIDRegistered: result.did.startsWith('did:ebsi:'),\n })\n if (created) {\n await agentContext.agent.emit(OID4VCIHolderEvent.IDENTIFIER_CREATED, { identifier })\n }\n } else if (supportedBindingMethods.includes('jwk')) {\n // todo: we probably should do something similar as with DIDs for re-use/new keys\n const key = await context.agent.keyManagerCreate({ type: keyType, kms, meta: { keyAlias: `key_${keyType}_${Date.now()}` } })\n // TODO. Create/move this to identifier service await agentContext.agent.emit(OID4VCIHolderEvent.IDENTIFIER_CREATED, { key })\n identifier = await managedIdentifierToJwk({ method: 'key', identifier: key, kmsKeyRef: key.kid }, context)\n // } else if (supportedBindingMethods.includes('cose_key')) {\n // // TODO COSE HERE\n // throw Error(`Holder currently does not support binding method: ${supportedBindingMethods.join(',')}`)\n } else {\n throw Error(`Holder currently does not support binding method: ${supportedBindingMethods.join(',')}`)\n }\n args.issuanceOpt.identifier = identifier\n return identifier\n}\n\nexport const getCredentialConfigsSupportedMerged = async (\n args: GetCredentialConfigsSupportedArgs,\n): Promise<Record<string, CredentialConfigurationSupported>> => {\n let result = {} as Record<string, CredentialConfigurationSupported>\n ;(await getCredentialConfigsSupported(args)).forEach((supported: Record<string, CredentialConfigurationSupported>) => {\n result = { ...result, ...supported }\n })\n return result\n}\n\nexport const getCredentialConfigsSupported = async (\n args: GetCredentialConfigsSupportedArgs,\n): Promise<Array<Record<string, CredentialConfigurationSupported>>> => {\n const { types, configurationIds } = args\n if (Array.isArray(types) && types.length > 0) {\n return Promise.all(types.map((type) => getCredentialConfigsSupportedBySingleTypeOrId({ ...args, types: type })))\n } else if (Array.isArray(configurationIds) && configurationIds.length > 0) {\n return Promise.all(\n configurationIds.map((configurationId) =>\n getCredentialConfigsSupportedBySingleTypeOrId({\n ...args,\n configurationId,\n types: undefined,\n }),\n ),\n )\n }\n const configs = await getCredentialConfigsSupportedBySingleTypeOrId({\n ...args,\n types: undefined,\n configurationId: undefined,\n })\n return configs && Object.keys(configs).length > 0 ? [configs] : []\n}\n/\n Please note that this method only returns configs supported for a single set of credential types or a single config id.\n * If an offer contains multiple formats/types in an array or multiple config ids, you will have to call this method for all of them\n * @param args\n /\nexport const getCredentialConfigsSupportedBySingleTypeOrId = async (\n args: GetCredentialConfigsSupportedBySingleTypeOrIdArgs,\n): Promise<Record<string, CredentialConfigurationSupported>> => {\n const { client, vcFormatPreferences, configurationId } = args\n let { format = undefined, types = undefined } = args\n\n function createIdFromTypes(supported: CredentialConfigurationSupported) {\n const format = supported.format\n const type: string = getTypesFromObject(supported)?.join() ?? ''\n const id = `${type}:${format}`\n return id\n }\n\n if (configurationId) {\n const allSupported = client.getCredentialsSupported(undefined, format)\n return Object.fromEntries(\n Object.entries(allSupported).filter(\n ([id, supported]) => id === configurationId \|\| supported.id === configurationId \|\| createIdFromTypes(supported) === configurationId,\n ),\n )\n }\n\n if (!client.credentialOffer) {\n return Promise.reject(Error('openID4VCIClient has no credentialOffer'))\n }\n if (!types) {\n return Promise.reject(Error('openID4VCIClient has no types'))\n }\n\n const offerSupported = getSupportedCredentials({\n types: [types],\n format,\n version: client.version(),\n issuerMetadata: client.endpointMetadata.credentialIssuerMetadata,\n })\n let allSupported: Record<string, CredentialConfigurationSupported>\n\n if (!Array.isArray(offerSupported)) {\n allSupported = offerSupported\n } else {\n allSupported = {} satisfies Record<string, CredentialConfigurationSupported>\n offerSupported.forEach((supported) => {\n if (supported.id) {\n allSupported[supported.id as string] = supported\n return\n }\n const id = createIdFromTypes(supported)\n allSupported[id] = supported\n })\n }\n\n let credentialConfigsSupported = await getCredentialConfigsBasedOnFormatPref({\n credentials: allSupported,\n vcFormatPreferences,\n })\n if (!credentialConfigsSupported \|\| Object.keys(credentialConfigsSupported).length === 0) {\n LOG.warning(`No matching supported credential found for ${client.getIssuer()}`)\n }\n\n if (client.credentialOffer === undefined) {\n return credentialConfigsSupported\n }\n // Filter configurations based on the credential offer IDs\n const credentialOffer = client.credentialOffer.credential_offer\n\n let credentialsToOffer: Record<string, CredentialConfigurationSupported>\n if ('credential_configuration_ids' in credentialOffer) {\n credentialsToOffer = Object.fromEntries(\n Object.entries(credentialConfigsSupported).filter(([configId, config]) => credentialOffer.credential_configuration_ids.includes(configId)),\n )\n if (Object.keys(credentialsToOffer).length === 0) {\n throw new Error(`No matching supported credential configs found for offer ${credentialOffer.credential_configuration_ids.join(', ')}`)\n }\n } else {\n credentialsToOffer = credentialConfigsSupported\n }\n if (Object.keys(credentialsToOffer).length === 0) {\n // Same check as above, but more generic error message, as it can also apply to below draft 13\n throw new Error(`No matching supported credential configs found for offer`)\n }\n\n return credentialsToOffer\n}\n\nexport const getIssuanceOpts = async (args: GetIssuanceOptsArgs): Promise<Array<IssuanceOpts>> => {\n const {\n client,\n credentialsSupported,\n // serverMetadata,\n context,\n didMethodPreferences,\n jwtCryptographicSuitePreferences,\n jsonldCryptographicSuitePreferences,\n forceIssuanceOpt,\n } = args\n\n if (credentialsSupported === undefined \|\| Object.keys(credentialsSupported).length === 0) {\n return Promise.reject(Error('No credentials supported'))\n }\n\n const getIssuanceOpts: Array<Promise<IssuanceOpts>> = Object.values(credentialsSupported).map(async (credentialSupported) => {\n /if (!serverMetadata?.credentialIssuerMetadata) {\n return await getDefaultIssuanceOpts({ credentialSupported, opts: { client }, context })\n }/\n\n const cryptographicSuite: string = await getIssuanceCryptoSuite({\n credentialSupported,\n client,\n jwtCryptographicSuitePreferences,\n jsonldCryptographicSuitePreferences,\n })\n const { didMethod, methods } = await getIssuanceMethod({\n credentialSupported,\n client,\n didMethodPreferences,\n })\n if (methods.length == 0) {\n console.log(`Could not determine supported cryptographic_binding_methods_supported, will use DIDs`)\n methods.push('did')\n }\n const issuanceOpt = forceIssuanceOpt\n ? { ...credentialSupported, ...forceIssuanceOpt }\n : ({\n ...credentialSupported,\n supportedPreferredDidMethod: didMethod,\n supportedBindingMethods: methods,\n format: credentialSupported.format,\n keyType: client.isEBSI() ? 'Secp256r1' : keyTypeFromCryptographicSuite({ crv: cryptographicSuite }),\n ...(client.isEBSI() && { codecName: 'EBSI' }),\n } satisfies IssuanceOpts)\n const identifier = await getIdentifierOpts({ issuanceOpt, context })\n if (!client.clientId && isManagedIdentifierDidResult(identifier)) {\n // FIXME: We really should fetch server metadata. Have user select required credentials. Take the first cred to determine a kid when no clientId is present and set that.\n // Needs a preference service for crypto, keys, dids, and clientId, with ecosystem support\n client.clientId = identifier.issuer ?? identifier.did\n }\n return { ...issuanceOpt, identifier }\n })\n\n return await Promise.all(getIssuanceOpts)\n}\n\nexport const getIssuanceMethod = async (\n opts: GetIssuanceDidMethodArgs,\n): Promise<{\n methods: ManagedIdentifierMethod[]\n didMethod?: SupportedDidMethodEnum\n}> => {\n const { client, credentialSupported, didMethodPreferences } = opts\n const { format, cryptographic_binding_methods_supported } = credentialSupported\n let methods: ManagedIdentifierMethod[] = [] // we use the external identifier method, as we should be supporting all values in the server metadata anyway\n if (cryptographic_binding_methods_supported && Array.isArray(cryptographic_binding_methods_supported)) {\n methods = cryptographic_binding_methods_supported as ManagedIdentifierMethod[]\n const didMethods: SupportedDidMethodEnum \| undefined = didMethodPreferences.find((method: SupportedDidMethodEnum) =>\n cryptographic_binding_methods_supported.includes(`did:${method.toLowerCase() /.replace('did:', '')/}`),\n )\n if (didMethods) {\n return { methods, didMethod: didMethods }\n } else if (cryptographic_binding_methods_supported.includes('did')) {\n return { methods, didMethod: format ? didMethodPreferences[1] : didMethodPreferences[0] }\n } else if (methods.length > 0) {\n return { methods }\n }\n console.warn(\n `We should have been able to determine cryptographic_binding_methods_supported, will fall back to legacy behaviour. This is likely a bug`,\n )\n }\n\n if (client.isEBSI()) {\n return { methods: ['did'], didMethod: SupportedDidMethodEnum.DID_KEY }\n }\n\n // legacy fallback\n methods = ['did']\n if (!format \|\| (format.includes('jwt') && !format?.includes('jwt_vc_json_ld'))) {\n return { methods, didMethod: format ? didMethodPreferences[1] : didMethodPreferences[0] }\n } else {\n // JsonLD\n return { methods, didMethod: didMethodPreferences[0] }\n }\n}\n\nexport const getIssuanceCryptoSuite = async (opts: GetIssuanceCryptoSuiteArgs): Promise<string> => {\n const { client, credentialSupported, jwtCryptographicSuitePreferences, jsonldCryptographicSuitePreferences } = opts\n\n let signing_algs_supported: Array<string>\n if ('proof_types_supported' in credentialSupported && credentialSupported.proof_types_supported) {\n if ('jwt' in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.jwt) {\n signing_algs_supported = credentialSupported.proof_types_supported.jwt.proof_signing_alg_values_supported\n } else if ('ldp_vp' in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.ldp_vp) {\n signing_algs_supported = credentialSupported.proof_types_supported.ldp_vp.proof_signing_alg_values_supported\n } else if ('cwt' in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.cwt) {\n signing_algs_supported = credentialSupported.proof_types_supported.cwt.proof_signing_alg_values_supported\n console.error('cwt proof type not supported. Likely that errors will occur after this point')\n } else {\n return Promise.reject(Error(`Unsupported proof_types_supported`))\n }\n } else {\n signing_algs_supported = asArray(\n // @ts-ignore // legacy\n credentialSupported.credential_signing_alg_values_supported ?? credentialSupported.proof_signing_alg_values_supported ?? [],\n )\n }\n\n // TODO: Return array, so the wallet/user could choose\n switch (credentialSupported.format) {\n // @ts-ignore legacy value\n case 'jwt':\n case 'jwt_vc_json':\n case 'jwt_vc':\n case 'vc+sd-jwt':\n case 'dc+sd-jwt':\n case 'mso_mdoc': {\n const supportedPreferences: Array<JoseSignatureAlgorithm \| JoseSignatureAlgorithmString> = jwtCryptographicSuitePreferences.filter(\n (suite: JoseSignatureAlgorithm \| JoseSignatureAlgorithmString) => signing_algs_supported.includes(suite),\n )\n\n if (supportedPreferences.length > 0) {\n return supportedPreferences[0]\n } else if (client.isEBSI()) {\n return JoseSignatureAlgorithm.ES256\n }\n\n // if we cannot find supported cryptographic suites, we just try with the first preference\n const fallback = jwtCryptographicSuitePreferences[0]\n console.log(`Warn: We could not determine the crypto suites from the server metadata, and will fallback to a default: ${fallback}`)\n return fallback\n }\n // @ts-ignore\n case 'ldp':\n // @ts-ignore\n case 'jwt_vc_json_ld':\n case 'ldp_vc': {\n const supportedPreferences: Array<string> = jsonldCryptographicSuitePreferences.filter((suite: string) =>\n signing_algs_supported.includes(suite),\n )\n if (supportedPreferences.length > 0) {\n return supportedPreferences[0]\n }\n\n // if we cannot find supported cryptographic suites, we just try with the first preference\n const fallback = jsonldCryptographicSuitePreferences[0]\n console.log(`Warn: We could not determine the crypto suites from the server metadata, and will fallback to a default: ${fallback}`)\n return fallback\n }\n default:\n return Promise.reject(Error(`Credential format '${credentialSupported.format}' not supported`))\n }\n}\n\nexport const startFirstPartApplicationMachine = async (\n args: StartFirstPartApplicationMachine,\n context: RequiredContext,\n): Promise<AuthorizationChallengeCodeResponse \| string> => {\n const { openID4VCIClientState, stateNavigationListener, contact } = args\n\n if (!openID4VCIClientState) {\n return Promise.reject(Error('Missing openID4VCI client state in context'))\n }\n\n if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n const firstPartyMachineInstance = FirstPartyMachine.newInstance({\n openID4VCIClientState,\n contact,\n agentContext: context,\n stateNavigationListener,\n })\n\n return new Promise((resolve, reject) => {\n try {\n firstPartyMachineInstance.onTransition((state: FirstPartyMachineState) => {\n if (state.matches(FirstPartyMachineStateTypes.done)) {\n const authorizationCodeResponse = state.context.authorizationCodeResponse\n if (!authorizationCodeResponse) {\n reject(Error('No authorizationCodeResponse acquired'))\n }\n resolve(authorizationCodeResponse!)\n } else if (state.matches(FirstPartyMachineStateTypes.aborted)) {\n resolve(FirstPartyMachineStateTypes.aborted)\n } else if (state.matches(FirstPartyMachineStateTypes.declined)) {\n resolve(FirstPartyMachineStateTypes.declined)\n } else if (state.matches(FirstPartyMachineStateTypes.error)) {\n reject(state.context.error)\n }\n })\n firstPartyMachineInstance.start()\n } catch (error) {\n reject(error)\n }\n })\n}\n","import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'\nimport { AuthorizationChallengeCodeResponse, AuthorizationChallengeError, AuthorizationChallengeErrorResponse } from '@sphereon/oid4vci-common'\nimport { DidAuthConfig } from '@sphereon/ssi-sdk.data-store-types'\nimport { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { createConfig, getSiopRequest, sendAuthorizationChallengeRequest, sendAuthorizationResponse } from '../services/FirstPartyMachineServices'\nimport { translate } from '../localization/Localization'\nimport { ErrorDetails } from '../types/IOID4VCIHolder'\nimport {\n CreateConfigArgs,\n CreateFirstPartyMachineOpts,\n FirstPartyMachineContext,\n FirstPartyMachineEvents,\n FirstPartyMachineEventTypes,\n FirstPartyMachineInterpreter,\n FirstPartyMachineServices,\n FirstPartyMachineState,\n FirstPartyMachineStatesConfig,\n FirstPartyMachineStateTypes,\n FirstPartyMachineServiceDefinitions,\n FirstPartyStateMachine,\n GetSiopRequestArgs,\n InstanceFirstPartyMachineOpts,\n SiopV2AuthorizationRequestData,\n SendAuthorizationResponseArgs,\n FirstPartySelectCredentialsEvent,\n} from '../types/FirstPartyMachine'\n\nconst firstPartyMachineStates: FirstPartyMachineStatesConfig = {\n [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {\n id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,\n invoke: {\n src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,\n onDone: {\n target: FirstPartyMachineStateTypes.done,\n actions: assign({\n authorizationCodeResponse: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => _event.data,\n }),\n },\n onError: [\n {\n target: FirstPartyMachineStateTypes.createConfig,\n cond: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>): boolean =>\n _event.data.error === AuthorizationChallengeError.insufficient_authorization,\n actions: assign({\n authSession: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) => _event.data.auth_session,\n presentationUri: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) =>\n _event.data.presentation,\n }),\n },\n {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_send_authorization_challenge_request_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n ],\n },\n },\n [FirstPartyMachineStateTypes.createConfig]: {\n id: FirstPartyMachineStateTypes.createConfig,\n invoke: {\n src: FirstPartyMachineServices.createConfig,\n onDone: {\n target: FirstPartyMachineStateTypes.getSiopRequest,\n actions: assign({\n didAuthConfig: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<DidAuthConfig>) => _event.data,\n }),\n },\n onError: {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_create_config_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [FirstPartyMachineStateTypes.getSiopRequest]: {\n id: FirstPartyMachineStateTypes.getSiopRequest,\n invoke: {\n src: FirstPartyMachineServices.getSiopRequest,\n onDone: {\n target: FirstPartyMachineStateTypes.selectCredentials,\n actions: assign({\n authorizationRequestData: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<SiopV2AuthorizationRequestData>) => _event.data,\n }),\n },\n onError: {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('siopV2_machine_get_request_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [FirstPartyMachineStateTypes.selectCredentials]: {\n id: FirstPartyMachineStateTypes.selectCredentials,\n on: {\n [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {\n actions: assign({ selectedCredentials: (_ctx: FirstPartyMachineContext, _event: FirstPartySelectCredentialsEvent) => _event.data }),\n },\n [FirstPartyMachineEvents.NEXT]: {\n target: FirstPartyMachineStateTypes.sendAuthorizationResponse,\n },\n [FirstPartyMachineEvents.DECLINE]: {\n target: FirstPartyMachineStateTypes.declined,\n },\n [FirstPartyMachineEvents.PREVIOUS]: {\n target: FirstPartyMachineStateTypes.aborted,\n },\n },\n },\n [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {\n id: FirstPartyMachineStateTypes.sendAuthorizationResponse,\n invoke: {\n src: FirstPartyMachineServices.sendAuthorizationResponse,\n onDone: {\n target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,\n actions: assign({\n presentationDuringIssuanceSession: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<string>) => _event.data,\n }),\n },\n onError: {\n target: FirstPartyMachineStateTypes.error,\n actions: assign({\n error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({\n title: translate('oid4vci_machine_get_request_error_title'),\n message: _event.data.message,\n stack: _event.data.stack,\n }),\n }),\n },\n },\n },\n [FirstPartyMachineStateTypes.aborted]: {\n id: FirstPartyMachineStateTypes.aborted,\n type: 'final',\n },\n [FirstPartyMachineStateTypes.declined]: {\n id: FirstPartyMachineStateTypes.declined,\n type: 'final',\n },\n [FirstPartyMachineStateTypes.error]: {\n id: FirstPartyMachineStateTypes.error,\n type: 'final',\n },\n [FirstPartyMachineStateTypes.done]: {\n id: FirstPartyMachineStateTypes.done,\n type: 'final',\n },\n}\n\nconst createFirstPartyActivationMachine = (opts: CreateFirstPartyMachineOpts): FirstPartyStateMachine => {\n const initialContext: FirstPartyMachineContext = {\n openID4VCIClientState: opts.openID4VCIClientState,\n contact: opts.contact,\n selectedCredentials: [],\n }\n\n return createMachine<FirstPartyMachineContext, FirstPartyMachineEventTypes>({\n id: opts?.machineId ?? 'FirstParty',\n predictableActionArguments: true,\n initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,\n context: initialContext,\n states: firstPartyMachineStates,\n schema: {\n events: {} as FirstPartyMachineEventTypes,\n services: {} as {\n [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: {\n data: void\n }\n [FirstPartyMachineServices.createConfig]: {\n data: CreateConfigResult\n }\n [FirstPartyMachineServices.getSiopRequest]: {\n data: SiopV2AuthorizationRequestData\n }\n [FirstPartyMachineServices.sendAuthorizationResponse]: {\n data: string\n }\n },\n },\n })\n}\n\nexport class FirstPartyMachine {\n private static _instance: FirstPartyMachineInterpreter \| undefined\n\n static hasInstance(): boolean {\n return FirstPartyMachine._instance !== undefined\n }\n\n static get instance(): FirstPartyMachineInterpreter {\n if (!FirstPartyMachine._instance) {\n throw Error('Please initialize ESIMActivation machine first')\n }\n return FirstPartyMachine._instance\n }\n\n static clearInstance(opts: { stop: boolean }) {\n const { stop } = opts\n if (FirstPartyMachine.hasInstance()) {\n if (stop) {\n FirstPartyMachine.stopInstance()\n }\n }\n FirstPartyMachine._instance = undefined\n }\n\n static stopInstance(): void {\n if (!FirstPartyMachine.hasInstance()) {\n return\n }\n FirstPartyMachine.instance.stop()\n FirstPartyMachine._instance = undefined\n }\n\n public static newInstance(opts: InstanceFirstPartyMachineOpts): FirstPartyMachineInterpreter {\n const { agentContext } = opts\n const services: FirstPartyMachineServiceDefinitions = {\n [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,\n [FirstPartyMachineServices.createConfig]: (args: CreateConfigArgs) => createConfig(args, agentContext),\n [FirstPartyMachineServices.getSiopRequest]: (args: GetSiopRequestArgs) => getSiopRequest(args, agentContext),\n [FirstPartyMachineServices.sendAuthorizationResponse]: (args: SendAuthorizationResponseArgs) => sendAuthorizationResponse(args, agentContext),\n }\n\n const newInst: FirstPartyMachineInterpreter = interpret(\n createFirstPartyActivationMachine(opts).withConfig({\n services: {\n ...services,\n ...opts?.services,\n },\n guards: {\n ...opts?.guards,\n },\n }),\n )\n\n if (typeof opts?.subscription === 'function') {\n newInst.onTransition(opts.subscription)\n }\n\n if (opts?.requireCustomNavigationHook !== true) {\n newInst.onTransition((snapshot: FirstPartyMachineState): void => {\n if (opts?.stateNavigationListener) {\n void opts.stateNavigationListener(newInst, snapshot)\n }\n })\n }\n\n return newInst\n }\n\n static getInstance(\n opts: InstanceFirstPartyMachineOpts & {\n requireExisting?: boolean\n },\n ): FirstPartyMachineInterpreter {\n if (!FirstPartyMachine._instance) {\n if (opts?.requireExisting === true) {\n throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`)\n }\n FirstPartyMachine._instance = FirstPartyMachine.newInstance(opts)\n }\n return FirstPartyMachine._instance\n }\n}\n","import { OpenID4VCIClient } from '@sphereon/oid4vci-client'\nimport { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'\nimport { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { v4 as uuidv4 } from 'uuid'\nimport { RequiredContext } from '../types/IOID4VCIHolder'\nimport {\n CreateConfigArgs,\n GetSiopRequestArgs,\n SendAuthorizationChallengeRequestArgs,\n SendAuthorizationResponseArgs,\n SiopV2AuthorizationRequestData,\n} from '../types/FirstPartyMachine'\n\nexport const sendAuthorizationChallengeRequest = async (args: SendAuthorizationChallengeRequestArgs): Promise<AuthorizationChallengeCodeResponse> => {\n const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args\n\n const oid4vciClient = await OpenID4VCIClient.fromState({ state: openID4VCIClientState })\n return oid4vciClient.acquireAuthorizationChallengeCode({\n clientId: oid4vciClient.clientId ?? uuidv4(),\n ...(authSession && { authSession }),\n ...(!authSession &&\n openID4VCIClientState.credentialOffer?.preAuthorizedCode && { issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode }),\n ...(!authSession && openID4VCIClientState.credentialOffer?.issuerState && { issuerState: openID4VCIClientState.credentialOffer?.issuerState }),\n ...(presentationDuringIssuanceSession && { presentationDuringIssuanceSession }),\n })\n}\n\nexport const createConfig = async (args: CreateConfigArgs, context: RequiredContext): Promise<CreateConfigResult> => {\n const { presentationUri } = args\n\n if (!presentationUri) {\n return Promise.reject(Error('Missing presentation uri in context'))\n }\n\n return context.agent.siopCreateConfig({ url: presentationUri })\n}\n\nexport const getSiopRequest = async (args: GetSiopRequestArgs, context: RequiredContext): Promise<SiopV2AuthorizationRequestData> => {\n const { didAuthConfig, presentationUri } = args\n\n if (presentationUri === undefined) {\n return Promise.reject(Error('Missing presentation uri in context'))\n }\n\n if (didAuthConfig === undefined) {\n return Promise.reject(Error('Missing did auth config in context'))\n }\n\n return context.agent.siopGetSiopRequest({ didAuthConfig, url: presentationUri })\n}\n\nexport const sendAuthorizationResponse = async (args: SendAuthorizationResponseArgs, context: RequiredContext): Promise<string> => {\n const { didAuthConfig, authorizationRequestData, selectedCredentials } = args\n\n const responseData = await context.agent.siopSendResponse({\n authorizationRequestData,\n selectedCredentials,\n didAuthConfig,\n isFirstParty: true,\n })\n\n return (<AuthorizationChallengeValidationResponse>responseData.body).presentation_during_issuance_session\n}\n","import { CredentialsSupportedDisplay, NameAndLocale } from '@sphereon/oid4vci-common'\nimport { IBasicCredentialClaim, IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store-types'\nimport { SdJwtClaimDisplayMetadata, SdJwtClaimMetadata, SdJwtClaimPath, SdJwtTypeDisplayMetadata } from '@sphereon/ssi-types'\nimport {\n IssuerLocaleBrandingFromArgs,\n Oid4vciCombineDisplayLocalesFromArgs,\n Oid4vciCredentialDisplayLocalesFromArgs,\n Oid4vciCredentialLocaleBrandingFromArgs,\n Oid4vciGetCredentialBrandingFromArgs,\n Oid4vciIssuerCredentialSubjectLocalesFromArgs,\n SdJwtCombineDisplayLocalesFromArgs,\n SdJwtCredentialClaimLocalesFromArgs,\n SdJwtCredentialDisplayLocalesFromArgs,\n SdJwtCredentialLocaleBrandingFromArgs,\n SdJwtGetCredentialBrandingFromArgs,\n} from '../types/IOID4VCIHolder'\n\n// FIXME should we not move this to the branding plugin?\n\nexport const oid4vciGetCredentialBrandingFrom = async (\n args: Oid4vciGetCredentialBrandingFromArgs,\n): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const { credentialDisplay, issuerCredentialSubject } = args\n\n return oid4vciCombineDisplayLocalesFrom({\n ...(issuerCredentialSubject && { issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({ issuerCredentialSubject }) }),\n ...(credentialDisplay && { credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({ credentialDisplay }) }),\n })\n}\n\nexport const oid4vciCredentialDisplayLocalesFrom = async (\n args: Oid4vciCredentialDisplayLocalesFromArgs,\n): Promise<Map<string, CredentialsSupportedDisplay>> => {\n const { credentialDisplay } = args\n return credentialDisplay.reduce((localeDisplays, display) => {\n const localeKey = display.locale \|\| ''\n localeDisplays.set(localeKey, display)\n return localeDisplays\n }, new Map<string, CredentialsSupportedDisplay>())\n}\n\nexport const oid4vciIssuerCredentialSubjectLocalesFrom = async (\n args: Oid4vciIssuerCredentialSubjectLocalesFromArgs,\n): Promise<Map<string, Array<IBasicCredentialClaim>>> => {\n const { issuerCredentialSubject } = args\n const localeClaims = new Map<string, Array<IBasicCredentialClaim>>()\n\n const processClaimObject = (claim: any, parentKey: string = ''): void => {\n Object.entries(claim).forEach(([key, value]): void => {\n if (key === 'mandatory' \|\| key === 'value_type') {\n return\n }\n\n if (key === 'display' && Array.isArray(value)) {\n value.forEach(({ name, locale = '' }: NameAndLocale): void => {\n if (!name) {\n return\n }\n\n //const localeKey = locale \|\| ''\n if (!localeClaims.has(locale)) {\n localeClaims.set(locale, [])\n }\n localeClaims.get(locale)!.push({ key: parentKey, name })\n })\n } else if (typeof value === 'object' && value !== null) {\n processClaimObject(value, parentKey ? `${parentKey}.${key}` : key)\n }\n })\n }\n\n processClaimObject(issuerCredentialSubject)\n return localeClaims\n}\n\nexport const oid4vciCredentialLocaleBrandingFrom = async (args: Oid4vciCredentialLocaleBrandingFromArgs): Promise<IBasicCredentialLocaleBranding> => {\n const { credentialDisplay } = args\n\n return {\n ...(credentialDisplay.name && {\n alias: credentialDisplay.name,\n }),\n ...(credentialDisplay.locale && {\n locale: credentialDisplay.locale,\n }),\n ...(credentialDisplay.logo && {\n logo: {\n ...((credentialDisplay.logo.url \|\| <string>credentialDisplay.logo.uri) && {\n uri: credentialDisplay.logo?.url ?? <string>credentialDisplay.logo.uri,\n }),\n ...(credentialDisplay.logo.alt_text && {\n alt: credentialDisplay.logo?.alt_text,\n }),\n },\n }),\n ...(credentialDisplay.description && {\n description: credentialDisplay.description,\n }),\n\n ...(credentialDisplay.text_color && {\n text: {\n color: credentialDisplay.text_color,\n },\n }),\n ...((credentialDisplay.background_image \|\| credentialDisplay.background_color) && {\n background: {\n ...(credentialDisplay.background_image && {\n image: {\n ...((credentialDisplay.background_image.url \|\| <string>credentialDisplay.background_image.uri) && {\n uri: credentialDisplay.background_image?.url ?? <string>credentialDisplay.background_image.uri,\n }),\n ...(credentialDisplay.background_image.alt_text && {\n alt: credentialDisplay.background_image?.alt_text,\n }),\n },\n }),\n ...(credentialDisplay.background_color && {\n color: credentialDisplay.background_color,\n }),\n },\n }),\n }\n}\n\nexport const oid4vciCombineDisplayLocalesFrom = async (\n args: Oid4vciCombineDisplayLocalesFromArgs,\n): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const {\n credentialDisplayLocales = new Map<string, CredentialsSupportedDisplay>(),\n issuerCredentialSubjectLocales = new Map<string, Array<IBasicCredentialClaim>>(),\n } = args\n\n const locales: Array<string> = Array.from(new Set([...issuerCredentialSubjectLocales.keys(), ...credentialDisplayLocales.keys()]))\n\n return Promise.all(\n locales.map(async (locale: string): Promise<IBasicCredentialLocaleBranding> => {\n const display = credentialDisplayLocales.get(locale)\n const claims = issuerCredentialSubjectLocales.get(locale)\n\n return {\n ...(display && (await oid4vciCredentialLocaleBrandingFrom({ credentialDisplay: display }))),\n ...(locale.length > 0 && { locale }),\n claims,\n }\n }),\n )\n}\n\nexport const sdJwtGetCredentialBrandingFrom = async (args: SdJwtGetCredentialBrandingFromArgs): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const { credentialDisplay, claimsMetadata } = args\n\n return sdJwtCombineDisplayLocalesFrom({\n ...(claimsMetadata && { claimsMetadata: await sdJwtCredentialClaimLocalesFrom({ claimsMetadata }) }),\n ...(credentialDisplay && { credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({ credentialDisplay }) }),\n })\n}\n\nexport const sdJwtCredentialDisplayLocalesFrom = async (\n args: SdJwtCredentialDisplayLocalesFromArgs,\n): Promise<Map<string, SdJwtTypeDisplayMetadata>> => {\n const { credentialDisplay } = args\n return credentialDisplay.reduce((localeDisplays, display) => {\n const localeKey = display.lang \|\| ''\n localeDisplays.set(localeKey, display)\n return localeDisplays\n }, new Map<string, SdJwtTypeDisplayMetadata>())\n}\n\nexport const sdJwtCredentialClaimLocalesFrom = async (\n args: SdJwtCredentialClaimLocalesFromArgs,\n): Promise<Map<string, Array<IBasicCredentialClaim>>> => {\n const { claimsMetadata } = args\n const localeClaims = new Map<string, Array<IBasicCredentialClaim>>()\n\n claimsMetadata.forEach((claim: SdJwtClaimMetadata): void => {\n claim.display?.forEach((display: SdJwtClaimDisplayMetadata): void => {\n const { lang = '', label } = display\n const key = claim.path.map((value: SdJwtClaimPath) => String(value)).join('.')\n if (!localeClaims.has(lang)) {\n localeClaims.set(lang, [])\n }\n localeClaims.get(lang)!.push({ key, name: label })\n })\n })\n\n return localeClaims\n}\n\nexport const sdJwtCredentialLocaleBrandingFrom = async (args: SdJwtCredentialLocaleBrandingFromArgs): Promise<IBasicCredentialLocaleBranding> => {\n const { credentialDisplay } = args\n\n return {\n ...(credentialDisplay.name && {\n alias: credentialDisplay.name,\n }),\n ...(credentialDisplay.lang && {\n locale: credentialDisplay.lang,\n }),\n ...(credentialDisplay.rendering?.simple?.logo && {\n logo: {\n ...(credentialDisplay.rendering.simple.logo.uri && {\n uri: credentialDisplay.rendering.simple.logo.uri,\n }),\n ...(credentialDisplay.rendering.simple.logo.alt_text && {\n alt: credentialDisplay.rendering.simple.logo.alt_text,\n }),\n },\n }),\n ...(credentialDisplay.description && {\n description: credentialDisplay.description,\n }),\n ...(credentialDisplay.rendering?.simple?.text_color && {\n text: {\n color: credentialDisplay.rendering.simple.text_color,\n },\n }),\n ...(credentialDisplay.rendering?.simple?.background_color && {\n background: {\n color: credentialDisplay.rendering.simple.background_color,\n },\n }),\n }\n}\n\nexport const sdJwtCombineDisplayLocalesFrom = async (args: SdJwtCombineDisplayLocalesFromArgs): Promise<Array<IBasicCredentialLocaleBranding>> => {\n const { credentialDisplayLocales = new Map<string, SdJwtTypeDisplayMetadata>(), claimsMetadata = new Map<string, Array<IBasicCredentialClaim>>() } =\n args\n\n const locales: Array<string> = Array.from(new Set([...claimsMetadata.keys(), ...credentialDisplayLocales.keys()]))\n\n return Promise.all(\n locales.map(async (locale: string): Promise<IBasicCredentialLocaleBranding> => {\n const display = credentialDisplayLocales.get(locale)\n const claims = claimsMetadata.get(locale)\n\n return {\n ...(display && (await sdJwtCredentialLocaleBrandingFrom({ credentialDisplay: display }))),\n ...(locale.length > 0 && { locale }),\n claims,\n }\n }),\n )\n}\n\n// TODO since dynamicRegistrationClientMetadata can also be on a RP, we should start using this mapper in a more general way\nexport const issuerLocaleBrandingFrom = async (args: IssuerLocaleBrandingFromArgs): Promise<IBasicIssuerLocaleBranding> => {\n const { issuerDisplay, dynamicRegistrationClientMetadata } = args\n\n return {\n ...(dynamicRegistrationClientMetadata?.client_name && {\n alias: dynamicRegistrationClientMetadata.client_name,\n }),\n ...(issuerDisplay.name && {\n alias: issuerDisplay.name,\n }),\n ...(issuerDisplay.locale && {\n locale: issuerDisplay.locale,\n }),\n ...((issuerDisplay.logo \|\| dynamicRegistrationClientMetadata?.logo_uri) && {\n logo: {\n ...(dynamicRegistrationClientMetadata?.logo_uri && {\n uri: dynamicRegistrationClientMetadata?.logo_uri,\n }),\n ...((issuerDisplay.logo?.url \|\| <string>issuerDisplay.logo?.uri) && {\n uri: issuerDisplay.logo?.url ?? <string>issuerDisplay.logo?.uri,\n }),\n ...(issuerDisplay.logo?.alt_text && {\n alt: issuerDisplay.logo?.alt_text,\n }),\n },\n }),\n ...(issuerDisplay.description && {\n description: issuerDisplay.description,\n }),\n ...(issuerDisplay.text_color && {\n text: {\n color: issuerDisplay.text_color,\n },\n }),\n ...(dynamicRegistrationClientMetadata?.client_uri && {\n clientUri: dynamicRegistrationClientMetadata.client_uri,\n }),\n ...(dynamicRegistrationClientMetadata?.tos_uri && {\n tosUri: dynamicRegistrationClientMetadata.tos_uri,\n }),\n ...(dynamicRegistrationClientMetadata?.policy_uri && {\n policyUri: dynamicRegistrationClientMetadata.policy_uri,\n }),\n ...(dynamicRegistrationClientMetadata?.contacts && {\n contacts: dynamicRegistrationClientMetadata.contacts,\n }),\n }\n}\n","import { Loggers, LogLevel, LogMethod } from '@sphereon/ssi-types'\nimport { OID4VCIMachineInterpreter, OID4VCIMachineState, OID4VCIMachineStates } from '../types/IOID4VCIHolder'\n\nconst logger = Loggers.DEFAULT.options('sphereon:oid4vci:holder', { defaultLogLevel: LogLevel.DEBUG, methods: [LogMethod.CONSOLE] }).get(\n 'sphereon:oid4vci:holder',\n)\n\nexport const OID4VCICallbackStateListener = (\n callbacks?: Map<OID4VCIMachineStates, (machine: OID4VCIMachineInterpreter, state: OID4VCIMachineState, opts?: any) => Promise<void>>,\n) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState): Promise<void> => {\n if (state._event.type === 'internal') {\n logger.debug('oid4vciCallbackStateListener: internal event')\n // Make sure we do not navigate when triggered by an internal event. We need to stay on current screen\n // Make sure we do not navigate when state has not changed\n return\n }\n logger.info(`VCI state listener state: ${JSON.stringify(state.value)}`)\n\n if (!callbacks \|\| callbacks.size === 0) {\n logger.info(`VCI no callbacks registered for state: ${JSON.stringify(state.value)}`)\n return\n }\n\n for (const [stateKey, callback] of callbacks) {\n if (state.matches(stateKey)) {\n logger.log(`VCI state callback for state: ${JSON.stringify(state.value)}, will execute...`)\n await callback(oid4vciMachine, state)\n .then(() => logger.log(`state callback executed for state: ${JSON.stringify(state.value)}`))\n .catch((error) => {\n logger.error(\n `VCI state callback failed for state: ${JSON.stringify(state.value)}, error: ${JSON.stringify(error?.message)}, ${JSON.stringify(state.event)}`,\n )\n if (error.stack) {\n logger.error(error.stack)\n }\n })\n break\n }\n }\n }\n}\n","import { CredentialOfferClient } from '@sphereon/oid4vci-client'\nimport { AuthorizationRequestOpts, AuthorizationServerClientOpts, AuthzFlowType, convertURIToJsonObject } from '@sphereon/oid4vci-common'\nimport { DefaultLinkPriorities, LinkHandlerAdapter } from '@sphereon/ssi-sdk.core'\nimport { IMachineStatePersistence, interpreterStartOrResume, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence'\nimport { IAgentContext } from '@veramo/core'\nimport { GetMachineArgs, IOID4VCIHolder, OID4VCIMachineEvents, OID4VCIMachineStateNavigationListener, WalletType } from '../types/IOID4VCIHolder'\nimport { FirstPartyMachineStateNavigationListener } from '../types/FirstPartyMachine'\n\n/\n This handler only handles credential offer links (either by value or by reference)\n */\nexport class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {\n private readonly context: IAgentContext<IOID4VCIHolder & IMachineStatePersistence>\n private readonly stateNavigationListener?: OID4VCIMachineStateNavigationListener\n private readonly firstPartyStateNavigationListener?: FirstPartyMachineStateNavigationListener\n private readonly noStateMachinePersistence: boolean\n private readonly walletType: WalletType\n private readonly authorizationRequestOpts?: AuthorizationRequestOpts\n private readonly clientOpts?: AuthorizationServerClientOpts\n private readonly trustAnchors?: Array<string>\n\n constructor(\n args: Pick<\n GetMachineArgs,\n 'stateNavigationListener' \| 'authorizationRequestOpts' \| 'clientOpts' \| 'trustAnchors' \| 'firstPartyStateNavigationListener' \| 'walletType'\n > & {\n priority?: number \| DefaultLinkPriorities\n protocols?: Array<string \| RegExp>\n noStateMachinePersistence?: boolean\n context: IAgentContext<IOID4VCIHolder & IMachineStatePersistence>\n },\n ) {\n super({ ...args, id: 'OID4VCIHolder' })\n this.authorizationRequestOpts = args.authorizationRequestOpts\n this.clientOpts = args.clientOpts\n this.context = args.context\n this.walletType = args.walletType ?? 'NATURAL_PERSON'\n this.noStateMachinePersistence = args.noStateMachinePersistence === true\n this.stateNavigationListener = args.stateNavigationListener\n this.firstPartyStateNavigationListener = args.firstPartyStateNavigationListener\n this.trustAnchors = args.trustAnchors\n }\n\n async handle(\n url: string \| URL,\n opts?: {\n machineState?: SerializableState\n authorizationRequestOpts?: AuthorizationRequestOpts\n createAuthorizationRequestURL?: boolean\n clientOpts?: AuthorizationServerClientOpts\n flowType?: AuthzFlowType\n },\n ): Promise<void> {\n const uri = new URL(url).toString()\n const offerData = convertURIToJsonObject(uri) as Record<string, unknown>\n const hasCode = 'code' in offerData && !!offerData.code && !('issuer' in offerData)\n const code = hasCode ? (offerData.code as string) : undefined\n const clientOpts = { ...this.clientOpts, ...opts?.clientOpts }\n const oid4vciMachine = await this.context.agent.oid4vciHolderGetMachineInterpreter({\n requestData: {\n // We know this can only be invoked with a credential offer, so we convert the URI to offer\n ...(!hasCode && { credentialOffer: await CredentialOfferClient.fromURI(uri) }),\n ...(hasCode && { code: code }),\n createAuthorizationRequestURL: opts?.createAuthorizationRequestURL,\n flowType: opts?.flowType,\n uri,\n },\n trustAnchors: this.trustAnchors,\n authorizationRequestOpts: { ...this.authorizationRequestOpts, ...opts?.authorizationRequestOpts },\n ...((clientOpts.clientId \|\| clientOpts.clientAssertionType) && { clientOpts: clientOpts as AuthorizationServerClientOpts }),\n stateNavigationListener: this.stateNavigationListener,\n firstPartyStateNavigationListener: this.firstPartyStateNavigationListener,\n walletType: this.walletType,\n })\n\n const interpreter = oid4vciMachine.interpreter\n //FIXME we need a better way to check if the state persistence plugin is available in the agent\n if (!opts?.machineState && this.context.agent.availableMethods().includes('machineStatesFindActive')) {\n const stateType = hasCode ? 'existing' : 'new'\n await interpreterStartOrResume({\n stateType,\n interpreter,\n context: this.context,\n cleanupAllOtherInstances: true,\n cleanupOnFinalState: true,\n singletonCheck: true,\n noRegistration: this.noStateMachinePersistence,\n })\n } else {\n // @ts-ignore\n interpreter.start(opts?.machineState)\n }\n\n if (hasCode) {\n interpreter.send(OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE, { data: uri })\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,mDAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,gDAAkD;AAAA,MAClD,uDAAyD;AAAA,MACzD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,kDAAoD;AAAA,MACpD,sDAAwD;AAAA,MACxD,mDAAqD;AAAA,MACrD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,wCAA0C;AAAA,MAC1C,wDAA0D;AAAA,MAC1D,+DAAiE;AAAA,MACjE,uDAAyD;AAAA,MACzD,yCAA2C;AAAA,MAC3C,kEAAoE;AAAA,MACpE,2CAA6C;AAAA,MAC7C,yCAA2C;AAAA,IAC7C;AAAA;AAAA;;;AClBA;AAAA,mDAAAC,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,gDAAkD;AAAA,MAClD,uDAAyD;AAAA,MACzD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,kDAAoD;AAAA,MACpD,sDAAwD;AAAA,MACxD,mDAAqD;AAAA,MACrD,8CAAgD;AAAA,MAChD,kDAAoD;AAAA,MACpD,wCAA0C;AAAA,MAC1C,wDAA0D;AAAA,MAC1D,uDAAyD;AAAA,MACzD,yCAA2C;AAAA,MAC3C,kEAAoE;AAAA,MACpE,2CAA6C;AAAA,MAC7C,yCAA2C;AAAA,IAC7C;AAAA;AAAA;;;ACjBA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,IAAAC,yBAAiG;AACjG,IAAAC,yBAcO;AACP,IAAAC,sBAAuC;AACvC,IAAAA,sBAUO;AAEP,IAAAA,sBAA0C;AAC1C,IAAAC,kBAA8B;AAC9B,IAAAA,kBAaO;AACP,IAAAC,oBAaO;AAWP,IAAAC,gBAA0C;AAC1C,yBAAkB;AAClB,qBAA0B;AAC1B,IAAAC,eAA6B;;;ACxE7B,4BAAkG;AAElG,oBAAkE;;;ACFlE,qBAA8C;AAC9C,oBAAoB;;;ACsLb,IAAKC,qBAAAA,0BAAAA,qBAAAA;;;;SAAAA;;AAgBL,IAAKC,oBAAAA,0BAAAA,oBAAAA;;;SAAAA;;AA+CL,IAAKC,uBAAAA,0BAAAA,uBAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAAAA;;AAiCL,IAAKC,iCAAAA,0BAAAA,iCAAAA;;;SAAAA;;AAKL,IAAKC,gCAAAA,0BAAAA,gCAAAA;;;SAAAA;;AAiFL,IAAKC,uBAAAA,0BAAAA,uBAAAA;;;;;;;;;;;;SAAAA;;AAcL,IAAKC,uBAAAA,0BAAAA,uBAAAA;;;;;;;;;;;;;;;;SAAAA;;AAkBL,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;;;;;;;;SAAAA;;AAqDL,IAAKC,cAAAA,0BAAAA,cAAAA;;;;SAAAA;;AA6LL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;;;AD3nBZ,IAAMC,eAAN,MAAMA,cAAAA;EAJN,OAIMA;;;EACJ,OAAeC,qBAAyD;IACtE,CAACC,kBAAkBC,OAAO,GAAG,MAAMC;IACnC,CAACF,kBAAkBG,KAAK,GAAG,MAAMD;EACnC;EAEA,OAAcE,gBAAiBC,cAAAA,SAC7B,CAACC,KAAYC,WAAAA;AAEX,QAAIC,OAAOC,KAAKC,eAAAA,QAAKC,YAAY,EAAEC,WAAW,GAAG;AAC/CF,qBAAAA,QAAKC,eAAe;QAClB,CAACX,kBAAkBC,OAAO,GAAGH,cAAaC,mBAAmBC,kBAAkBC,OAAO,EAAC;MACzF;AACAS,qBAAAA,QAAKG,SAASb,kBAAkBC;IAClC,OAAO;AACLS,qBAAAA,QAAKC,eAAe;QAClB,CAACD,eAAAA,QAAKG,MAAM,GAAG;UACb,GAAGH,eAAAA,QAAKC,aAAaD,eAAAA,QAAKG,MAAM;UAChC,GAAGf,cAAaC,mBAAmB,KAAKe,sBAAsBJ,eAAAA,QAAKG,MAAM,KAAKb,kBAAkBC,OAAO,EAAC;QAC1G;MACF;IACF;AAEA,WAAOS,eAAAA,QAAKK,EAAET,KAAKC,MAAAA;EACrB,GACA,CAACD,KAAYC,WAA+BA,SAASD,MAAMU,KAAKC,UAAUV,MAAAA,IAAUD,GAAAA;EAGtF,OAAeQ,wBAAwB,wBAACD,WAAAA;AACtC,eAAWK,YAAYV,OAAOW,OAAOnB,iBAAAA,GAAoB;AACvD,UAAIkB,aAAaL,QAAQ;AACvB,eAAOK;MACT;IACF;AAEA,WAAOE;EACT,GARuC;EAUvC,OAAcC,YAAY,6BAAA;AACxB,WAAOX,eAAAA,QAAKG,UAAUb,kBAAkBC;EAC1C,GAF0B;AAG5B;AAEO,IAAMG,YAAYN,aAAaM;;;AErC/B,IAAKkB,8BAAAA,0BAAAA,8BAAAA;;;;;;;;;;SAAAA;;AAYL,IAAKC,4BAAAA,0BAAAA,4BAAAA;;;;;SAAAA;;AAuBL,IAAKC,0BAAAA,0BAAAA,0BAAAA;;;;;SAAAA;;;;AHXZ,IAAMC,2BAA2B,wBAACC,MAA6BC,WAAAA;AAC7D,QAAM,EAAEC,QAAO,IAAKF;AACpB,SAAOE,YAAYC;AACrB,GAHiC;AAKjC,IAAMC,yBAAyB,wBAACJ,MAA6BC,WAAAA;AAC3D,QAAM,EAAEC,QAAO,IAAKF;AACpB,SAAOE,YAAYC;AACrB,GAH+B;AAK/B,IAAME,iCAAiC,wBAACL,MAA6BC,WAAAA;AACnE,QAAM,EAAEC,SAASI,eAAc,IAAKN;AACpC,SAAOE,YAAYC,UAAaG,mBAAmBH,UAAaG,eAAeC,WAAW;AAC5F,GAHuC;AAKvC,IAAMC,0CAA0C,wBAACR,MAA6BC,WAAAA;AAC5E,QAAM,EAAEQ,uBAAsB,IAAKT;AACnC,SAAOS,0BAA0BA,uBAAuBF,SAAS;AACnE,GAHgD;AAKhD,IAAMG,yBAAyB,wBAACV,MAA6BC,WAAAA;AAC3D,QAAM,EAAEU,YAAW,IAAKX;AACxB,SAAOW,aAAaC,iBAAiBC,oBAAoB;AAC3D,GAH+B;AAK/B,IAAMC,mCAAmC,wBAACd,MAA6BC,WAAAA;AACrE,QAAM,EAAEC,SAASa,oBAAmB,IAAKf;AACzC,MAAIgB,aAAaD,oBAAoB,CAAA,EAAGE;AACxC,MAAID,WAAWE,MAAM,gBAAA,GAAmB;AACtCF,iBAAa,IAAIG,IAAIH,UAAAA,EAAYI;EACnC;AACA,SAAO,CAAClB,SAASmB,WAAWC,KAAK,CAACC,aAAgCA,SAASC,WAAWP,kBAAkBD,UAAAA;AAC1G,GAPyC;AASzC,IAAMS,+BAA+B,wBAACzB,MAA6BC,WAAAA;AACjE,QAAM,EAAEyB,iBAAgB,IAAK1B;AAC7B,SAAO0B,qBAAqBvB,UAAauB,iBAAiBnB,SAAS;AACrE,GAHqC;AAKrC,IAAMoB,4BAA4B,wBAAC3B,MAA6BC,WAAAA;AAC9D,QAAM,EAAE2B,cAAcC,kBAAiB,IAAK7B;AAC5C,SAAO6B,qBAAqB,CAAC,CAACD,gBAAgBA,aAAarB,SAAS;AACtE,GAHkC;AAKlC,IAAMuB,qCAAqC,wBAAC9B,MAA6BC,WAAAA;AACvE,QAAM,EAAE8B,oBAAmB,IAAK/B;AAChC,SAAO+B,wBAAwB5B,UAAa4B,oBAAoBxB,SAAS;AAC3E,GAH2C;AAK3C,IAAMyB,2BAA2B,wBAAChC,MAA6BC,WAAAA;AAE7D,QAAM,EAAEgC,aAAY,IAAKjC;AACzB,SAAOiC,aAAa1B,SAAS;AAC/B,GAJiC;AAMjC,IAAM2B,8BAA8B,wBAACC,KAA4BlC,WAAAA;AAC/D,SAAO,CAACmC,gCAAgCD,KAAKlC,MAAAA;AAC/C,GAFoC;AAKpC,IAAMoC,mCAAmC,wBAACF,KAA4BlC,WAAAA;AACpE,QAAM,EAAEqC,sBAAqB,IAAKH;AAElC,MAAI,CAACG,uBAAuB;AAC1B,UAAMC,MAAM,4CAAA;EACd;AAEA,MAAID,sBAAsBE,oBAAoBF,sBAAsBG,0BAA0B;AAG5F,WAAO,CAACN,IAAIG,uBAAuBI;EACrC,WAAWJ,sBAAsB1B,iBAAiB+B,gBAAgBC,SAASC,oCAAcC,uBAAuB,GAAG;AACjH,WAAO,CAACX,IAAIG,uBAAuBI;EACrC,WAAWJ,sBAAsB1B,iBAAiB+B,gBAAgBC,SAASC,oCAAcE,wBAAwB,GAAG;AAClH,WAAO;EACT,WAAWT,sBAAsBU,kBAAkBC,0BAA0BC,wBAAwB;AACnG,WAAO,CAACf,IAAIG,uBAAuBI;EACrC;AACA,SAAO;AACT,GAnByC;AAqBzC,IAAMN,kCAAkC,wBAACD,KAA4BlC,WAAAA;AACnE,SAAO,CAAC,CAACkC,IAAIG,uBAAuBI;AACtC,GAFwC;AAIxC,IAAMS,iCAAiC,wBAAChB,KAA4BlC,WAAAA;AAClE,SAAO,CAAC,CAACkC,IAAIiB,gBAAgBC;AAC/B,GAFuC;AAIvC,IAAMC,uBAAuB,wBAACC,SAAAA;AAC5B,QAAMC,iBAAwC;;IAE5CC,iBAAiBF,MAAME;IACvB9C,aAAa4C,MAAM5C;IACnB+C,YAAYH,MAAMG,cAAc;IAChCzB,cAAcsB,MAAMtB,gBAAgB,CAAA;IACpC0B,aAAaJ,MAAMI;IACnBC,sBAAsBL,MAAMK;IAC5BC,QAAQN,MAAMM;IACdC,sBAAsB,CAAC;IACvBrD,wBAAwB,CAAA;IACxBsB,qBAAqB,CAAA;IACrBhB,qBAAqB,CAAA;IACrBc,mBAAmB;IACnBD,cAAc;EAChB;AAEA,aAAOmC,6BAA+D;IACpEC,IAAIT,MAAMU,eAAe;IACzBC,4BAA4B;IAC5BC,SAASC,qBAAqBC;IAC9BC,QAAQ;MACNC,QAAQ,CAAC;MACTC,QAAQ,CAAC;MAeTC,UAAU,CAAC;IAyCb;IACAC,SAASlB;IACTmB,QAAQ;MACN,CAACP,qBAAqBC,KAAK,GAAG;QAC5BL,IAAII,qBAAqBC;QACzBO,QAAQ;UACNC,KAAKC,uBAAuBT;UAC5BU,QAAQ;YACNC,QAAQZ,qBAAqBa;YAC7BC,aAASC,sBAAO;cACdC,oBAAoB,wBAACpF,MAA6BC,WAAyCA,OAAOoF,KAAKD,sBAAsB,CAAC,GAA1G;cACpBtB,sBAAsB,wBAAC9D,MAA6BC,WAAyCA,OAAOoF,KAAKvB,sBAAnF;cACtBV,gBAAgB,wBAACpD,MAA6BC,WAAyCA,OAAOoF,KAAKjC,gBAAnF;cAChBd,uBAAuB,wBAACtC,MAA6BC,WAAyCA,OAAOoF,KAAKC,oBAAnF;YACzB,CAAA;UACF;UACAC,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,wCAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBa,6BAA6B,GAAG;QACpDjB,IAAII,qBAAqBa;QACzBL,QAAQ;UACNC,KAAKC,uBAAuBG;UAC5BF,QAAQ;YACNC,QAAQZ,qBAAqB0B;YAC7BZ,aAASC,sBAAO;cACd1E,wBAAwB,wBAACT,MAA6BC,WAAiEA,OAAOoF,MAAtG;YAC1B,CAAA;UAGF;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,kDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB0B,UAAU,GAAG;QACjC9B,IAAII,qBAAqB0B;QACzBlB,QAAQ;UACNC,KAAKC,uBAAuBgB;UAC5Bf,QAAQ;YACNC,QAAQZ,qBAAqB2B;YAC7Bb,aAASC,sBAAO;cAAEjF,SAAS,wBAACF,MAA6BC,WAAmCA,OAAOoF,MAAxE;YAA6E,CAAA;UAC1G;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,8CAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB2B,iBAAiB,GAAG;QACxC/B,IAAII,qBAAqB2B;QACzBnB,QAAQ;UACNC,KAAKC,uBAAuBiB;UAC5BhB,QAAQ;YACN;cACEC,QAAQZ,qBAAqB4B;cAC7BC,MAAMC,qBAAqBC;cAC3BjB,aAASC,sBAAO;gBACdiB,gBAAgB,wBAACpG,MAA6BC,WAC5CA,OAAOoF,MADO;cAElB,CAAA;YACF;YACA;cACEL,QAAQZ,qBAAqBiC;cAC7BnB,aAASC,sBAAO;gBACdiB,gBAAgB,wBAACpG,MAA6BC,WAC5CA,OAAOoF,MADO;cAElB,CAAA;YACF;;UAEFE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,sDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB4B,kBAAkB,GAAG;QACzChC,IAAII,qBAAqB4B;QACzBpB,QAAQ;UACNC,KAAKC,uBAAuBkB;UAC5BjB,QAAQ;YACNC,QAAQZ,qBAAqBiC;YAC7BnB,aAASC,sBAAO;cACd7E,gBAAgB,wBAACN,MAA6BC,WAA2CA,OAAOoF,MAAhF;YAClB,CAAA;UACF;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,uDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBiC,mBAAmB,GAAG;QAC1CrC,IAAII,qBAAqBiC;QACzBC,QAAQ;UACN;YACEtB,QAAQZ,qBAAqBmC;YAC7BN,MAAMC,qBAAqBM;UAC7B;UACA;YACExB,QAAQZ,qBAAqBqC;YAC7BR,MAAMC,qBAAqBQ;UAC7B;UACA;YACE1B,QAAQZ,qBAAqBuC;YAC7BV,MAAMC,qBAAqBU;UAC7B;UACA;YACE5B,QAAQZ,qBAAqByC;YAC7BZ,MAAMC,qBAAqBY;UAC7B;UACA;YACE9B,QAAQZ,qBAAqB2C;YAC7Bd,MAAMC,qBAAqBc;UAC7B;UACA;YACEhC,QAAQZ,qBAAqB6C;YAC7BhB,MAAMC,qBAAqBgB;UAC7B;UACA;YACElC,QAAQZ,qBAAqB+C;UAC/B;;QAEFC,IAAI;UACF,CAACC,qBAAqBC,0BAA0B,GAAG;YACjDpC,aAASC,sBAAO;cAAEoC,sBAAsB,wBAACvH,MAA6BC,WAAyCA,OAAOoF,MAA9E;YAAmF,CAAA;UAC7H;QACF;MACF;MACA,CAACjB,qBAAqBmC,UAAU,GAAG;QACjCvC,IAAII,qBAAqBmC;QACzBpC,SAASqD,+BAA+BC;QACxCL,IAAI;UACF,CAACC,qBAAqBK,mBAAmB,GAAG;YAC1CxC,aAASC,sBAAO;cAAEtD,mBAAmB,wBAAC7B,MAA6BC,WAAgCA,OAAOoF,MAArE;YAA0E,CAAA;UACjH;UACA,CAACgC,qBAAqBM,iBAAiB,GAAG;YACxCzC,aAASC,sBAAO;cAAEvD,cAAc,wBAAC5B,MAA6BC,WAA8BA,OAAOoF,MAAnE;YAAwE,CAAA;UAC1G;UACA,CAACgC,qBAAqBO,cAAc,GAAG;YACrC5C,QAAQ,IAAIwC,+BAA+BK,IAAI;YAC/C3C,aAASC,sBAAO;cAAEjF,SAAS,wBAACF,MAA6BC,WAA+BA,OAAOoF,MAApE;YAAyE,CAAA;YACpGY,MAAMC,qBAAqB4B;UAC7B;UACA,CAACT,qBAAqBU,OAAO,GAAG;YAC9B/C,QAAQZ,qBAAqB4D;UAC/B;UACA,CAACX,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;QACAvD,QAAQ;UACN,CAAC6C,+BAA+BC,IAAI,GAAG,CAAC;UACxC,CAACD,+BAA+BK,IAAI,GAAG;YACrCvB,QAAQ;cACNtB,QAAQ,IAAIZ,qBAAqB+D,mBAAmB;cACpDlC,MAAMC,qBAAqBkC;YAC7B;UACF;QACF;MACF;MACA,CAAChE,qBAAqBqC,aAAa,GAAG;QACpCzC,IAAII,qBAAqBqC;QACzBW,IAAI;UACF,CAACC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqBkE;UAC/B;UACA,CAACjB,qBAAqBU,OAAO,GAAG;YAC9B/C,QAAQZ,qBAAqB4D;UAC/B;UACA,CAACX,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;MACF;MACA,CAAC9D,qBAAqB+D,mBAAmB,GAAG;QAC1CnE,IAAII,qBAAqB+D;QACzBvD,QAAQ;UACNC,KAAKC,uBAAuBqD;UAC5BpD,QAAQ;YACNC,QAAQZ,qBAAqBkE;UAC/B;UACA/C,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,mDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBkE,0BAA0B,GAAG;QACjDtE,IAAII,qBAAqBkE;QACzBhC,QAAQ;UACN;YACEtB,QAAQZ,qBAAqBuC;YAC7BV,MAAMC,qBAAqBU;UAC7B;UACA;YACE5B,QAAQZ,qBAAqByC;YAC7BZ,MAAMC,qBAAqBY;UAC7B;UACA;YACE9B,QAAQZ,qBAAqB2C;YAC7Bd,MAAMC,qBAAqBc;UAC7B;UACA;YACEhC,QAAQZ,qBAAqB6C;YAC7BhB,MAAMC,qBAAqBgB;UAC7B;UACA;YACElC,QAAQZ,qBAAqB+C;UAC/B;;MAEJ;MACA,CAAC/C,qBAAqByC,6BAA6B,GAAG;QACpD7C,IAAII,qBAAqByC;QACzBjC,QAAQ;UACNC,KAAKC,uBAAuB+B;UAC5B9B,QAAQ;YACN;cACEC,QAAQZ,qBAAqB8D;cAC7BjC,MAAM,wBAACjG,MAA6BC,WAClCA,OAAOoF,SAASkD,4BAA4BL,SADxC;YAER;YACA;cACElD,QAAQZ,qBAAqB4D;cAC7B/B,MAAM,wBAACjG,MAA6BC,WAClCA,OAAOoF,SAASkD,4BAA4BP,UADxC;YAER;YACA;cACEhD,QAAQZ,qBAAqB+C;cAC7BjC,aAASC,sBAAO;gBACd7C,uBAAuB,wBAACtC,MAA6BC,WAAAA;AACnD,wBAAMyC,gCAA4B8F,sDAA+BvI,OAAOoF,IAAI;AAC5E,yBAAO;oBAAE,GAAGrF,KAAKsC;oBAAwBI;kBAA0B;gBACrE,GAHuB;cAIzB,CAAA;YACF;;UAEF6C,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAyD;gBAC5FyF,OAAOzF,OAAOoF,KAAKK,SAASC,UAAU,yCAAA;gBACtCC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBuC,iBAAiB,GAAG;QACxC3C,IAAII,qBAAqBuC;QACzBS,IAAI;UACF,CAACC,qBAAqBoB,wBAAwB,GAAG;YAC/CvD,aAASC,sBAAO;cAAEpD,qBAAqB,wBAAC/B,MAA6BC,WAAmCA,OAAOoF,MAAxE;YAA6E,CAAA;UACtH;UACA,CAACgC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqBsE;YAC7BzC,MAAMC,qBAAqByC;UAC7B;UACA,CAACtB,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;MACF;MACA,CAAC9D,qBAAqBsE,kCAAkC,GAAG;QACzD1E,IAAII,qBAAqBsE;QACzBpC,QAAQ;UACN;YACEtB,QAAQZ,qBAAqByC;YAC7BZ,MAAMC,qBAAqBY;UAC7B;UACA;YACE9B,QAAQZ,qBAAqB2C;YAC7Bd,MAAMC,qBAAqBc;UAC7B;UACA;YACEhC,QAAQZ,qBAAqB6C;YAC7BhB,MAAMC,qBAAqBgB;UAC7B;UACA;YACElC,QAAQZ,qBAAqB+C;UAC/B;;MAEJ;MACA,CAAC/C,qBAAqB2C,2BAA2B,GAAG;QAClD/C,IAAII,qBAAqB2C;QACzBnC,QAAQ;UACNC,KAAKC,uBAAuBiC;UAC5BhC,QAAQ;YACNC,QAAQZ,qBAAqBwE;YAC7B1D,aAASC,sBAAO;cACdoC,sBAAsB,wBAACvH,MAA6BC,WAClDA,OAAOoF,KAAKkC,sBADQ;cAEtBjF,uBAAuB,wBAACtC,MAA6BC,WAAwDA,OAAOoF,KAAKC,oBAAlG;YACzB,CAAA;UACF;UACAC,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,mDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBwE,4BAA4B,GAAG;QACnD5E,IAAII,qBAAqBwE;QACzBxB,IAAI;UACF,CAACC,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqBuC;UAC/B;UACA,CAACU,qBAAqBwB,kCAAkC,GAAG;YACzD7D,QAAQZ,qBAAqB0E;UAC/B;QACF;MACF;MACA,CAAC1E,qBAAqB0E,4BAA4B,GAAG;QACnD9E,IAAII,qBAAqB0E;QACzB1B,IAAI;UACF,CAACC,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqBwE;UAC/B;UACA,CAACvB,qBAAqB0B,mCAAmC,GAAG;YAC1D7D,aAASC,sBAAO;cACd7C,uBAAuB,wBAACtC,MAA6BC,WAAAA;AACnD,sBAAMyC,gCAA4B8F,sDAA+BvI,OAAOoF,IAAI;AAC5E,uBAAO;kBAAE,GAAGrF,KAAKsC;kBAAwBI;gBAA0B;cACrE,GAHuB;YAIzB,CAAA;UACF;QACF;QACA4D,QAAQ;UACN;YACEL,MAAMC,qBAAqB8C;YAC3BhE,QAAQZ,qBAAqB+C;UAC/B;;MAEJ;MACA,CAAC/C,qBAAqB6C,SAAS,GAAG;QAChCjD,IAAII,qBAAqB6C;QACzB9C,SAAS8E,8BAA8BxB;QACvCL,IAAI;UACF,CAACC,qBAAqB6B,qBAAqB,GAAG;YAC5ClE,QAAQ,IAAIiE,8BAA8BpB,IAAI;YAC9C3C,aAASC,sBAAO;cAAEzD,kBAAkB,wBAAC1B,MAA6BC,WAAkCA,OAAOoF,MAAvE;YAA4E,CAAA;UAClH;UACA,CAACgC,qBAAqBY,QAAQ,GAAG;YAC/B;cACEjD,QAAQZ,qBAAqBuC;cAC7BV,MAAMC,qBAAqBU;YAC7B;YACA;cACE5B,QAAQZ,qBAAqB8D;YAC/B;;QAEJ;QACAvD,QAAQ;UACN,CAACsE,8BAA8BxB,IAAI,GAAG,CAAC;UACvC,CAACwB,8BAA8BpB,IAAI,GAAG;YACpCvB,QAAQ;cACNtB,QAAQ,IAAIZ,qBAAqB+C,cAAc;cAC/ClB,MAAMC,qBAAqBiD;YAC7B;UACF;QACF;MACF;MACA,CAAC/E,qBAAqB+C,cAAc,GAAG;QACrCnD,IAAII,qBAAqB+C;QACzBvC,QAAQ;UACNC,KAAKC,uBAAuBqC;UAC5BpC,QAAQ;YACNC,QAAQZ,qBAAqBgF;YAC7BlE,aAASC,sBAAO;cACdpE,qBAAqB,wBAACf,MAA6BC,WAA6DA,OAAOoF,MAAlG;YACvB,CAAA;UACF;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,kDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;QACAwD,UAAMlE,sBAAO;UAAEzD,kBAAkBvB;QAAU,CAAA;MAC7C;MACA,CAACiE,qBAAqBgF,iBAAiB,GAAG;QACxCpF,IAAII,qBAAqBgF;QACzBxE,QAAQ;UACNC,KAAKC,uBAAuBwE;UAC5BvE,QAAQ;YACNC,QAAQZ,qBAAqBmF;UAC/B;UACAhE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,gDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBmF,yBAAyB,GAAG;QAChDvF,IAAII,qBAAqBmF;QACzBjD,QAAQ;UACN;YACEtB,QAAQZ,qBAAqBoF;YAC7BvD,MAAMC,qBAAqBuD;UAC7B;UACA;YACEzE,QAAQZ,qBAAqBsF;UAC/B;;MAEJ;MACA,CAACtF,qBAAqBoF,kBAAkB,GAAG;QACzCxF,IAAII,qBAAqBoF;QACzB5E,QAAQ;UACNC,KAAKC,uBAAuB0E;UAC5BzE,QAAQ;YACNC,QAAQZ,qBAAqBuF;YAC7BzE,SAAS,wBAAClF,MAA6BC,WAAAA;AACrCD,mBAAKE,SAASmB,WAAWuI,KAAK3J,OAAOoF,IAAI;YAC3C,GAFS;UAGX;UACAE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,kDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBuF,8BAA8B,GAAG;QACrD3F,IAAII,qBAAqBuF;QACzB/E,QAAQ;UACNC,KAAKC,uBAAuBqD;UAC5BpD,QAAQ;YACNC,QAAQZ,qBAAqBsF;UAC/B;UACAnE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,mDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBsF,iBAAiB,GAAG;QACxC1F,IAAII,qBAAqBsF;QACzBtC,IAAI;UACF,CAACC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqByF;UAC/B;UACA,CAACxC,qBAAqBU,OAAO,GAAG;YAC9B/C,QAAQZ,qBAAqB4D;UAC/B;UACA,CAACX,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqB8D;UAC/B;QACF;MACF;MACA,CAAC9D,qBAAqByF,uBAAuB,GAAG;QAC9C7F,IAAII,qBAAqByF;QACzBjF,QAAQ;UACNC,KAAKC,uBAAuB+E;UAC5B9E,QAAQ;YACNC,QAAQZ,qBAAqB0F;UAC/B;UACAvE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,uDAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqB0F,gBAAgB,GAAG;QACvC9F,IAAII,qBAAqB0F;QACzBlF,QAAQ;UACNC,KAAKC,uBAAuBgF;UAC5B/E,QAAQ;YACNC,QAAQZ,qBAAqB2F;UAC/B;UACAxE,SAAS;YACPP,QAAQZ,qBAAqBoB;YAC7BN,aAASC,sBAAO;cACdM,OAAO,wBAACzF,MAA6BC,YAAkD;gBACrFyF,OAAOC,UAAU,8CAAA;gBACjBC,SAAS3F,OAAOoF,KAAKO;gBACrBC,OAAO5F,OAAOoF,KAAKQ;cACrB,IAJO;YAKT,CAAA;UACF;QACF;MACF;MACA,CAACzB,qBAAqBoB,WAAW,GAAG;QAClCxB,IAAII,qBAAqBoB;QACzB4B,IAAI;UACF,CAACC,qBAAqBgB,IAAI,GAAG;YAC3BrD,QAAQZ,qBAAqBqB;UAC/B;UACA,CAAC4B,qBAAqBY,QAAQ,GAAG;YAC/BjD,QAAQZ,qBAAqBqB;UAC/B;QACF;MACF;MACA,CAACrB,qBAAqB8D,OAAO,GAAG;QAC9BlE,IAAII,qBAAqB8D;QACzB8B,MAAM;MACR;MACA,CAAC5F,qBAAqB4D,QAAQ,GAAG;QAC/BhE,IAAII,qBAAqB4D;QACzBgC,MAAM;MACR;MACA,CAAC5F,qBAAqBqB,KAAK,GAAG;QAC5BzB,IAAII,qBAAqBqB;QACzBuE,MAAM;MACR;MACA,CAAC5F,qBAAqB2F,IAAI,GAAG;QAC3B/F,IAAII,qBAAqB2F;QACzBC,MAAM;MACR;IACF;EACF,CAAA;AACF,GA1pB6B;AA4pBtB,IAAMC,iBAAN,MAAMA;EAvxBb,OAuxBaA;;;EACX,aAAaC,YAAY3G,MAAkCmB,SAA+E;AACxI,UAAMyF,kBAAyCC,yBAC7C9G,qBAAqBC,IAAAA,EAAM8G,WAAW;MACpC5F,UAAU;QACR,GAAGlB,MAAMkB;MACX;MACAD,QAAQ;QACNzE;QACAS;QACAE;QACAI;QACAW;QACArB;QACAuB;QACAG;QACAO;QACAH;QACAE;QACAJ;QACA3B;QACA8C;QACA,GAAGI,MAAMiB;MACX;IACF,CAAA,CAAA;AAGF,QAAI,OAAOjB,MAAM+G,iBAAiB,YAAY;AAC5CH,kBAAYI,aAAahH,KAAK+G,YAAY;IAC5C;AACA,QAAI/G,MAAMiH,gCAAgC,MAAM;AAC9C,UAAI,OAAOjH,MAAMkH,4BAA4B,YAAY;AACvDN,oBAAYI,aAAa,CAACG,aAAAA;AACxB,cAAInH,MAAMkH,yBAAyB;AACjClH,iBAAKkH,wBAAwBN,aAAaO,QAAAA;UAC5C;QACF,CAAA;MACF;IACF;AAEA,WAAO;MAAEP;IAAY;EACvB;AACF;;;AIj0BA,IAAAQ,yBAAoB;AACpB,IAAAC,yBAWO;AACP,yBAAuB;AACvB,IAAAC,sBAAqE;AACrE,IAAAA,sBAOO;AACP,IAAAA,sBAA8C;AAC9C,qBAA8B;AAE9B,uBAaO;AACP,mBAAwB;;;ACxCxB,IAAAC,iBAAkE;AAClE,IAAAC,yBAAqH;;;ACDrH,4BAAiC;AAIjC,kBAA6B;AAUtB,IAAMC,oCAAoC,8BAAOC,SAAAA;AACtD,QAAM,EAAEC,uBAAuBC,aAAaC,kCAAiC,IAAKH;AAElF,QAAMI,gBAAgB,MAAMC,uCAAiBC,UAAU;IAAEC,OAAON;EAAsB,CAAA;AACtF,SAAOG,cAAcI,kCAAkC;IACrDC,UAAUL,cAAcK,gBAAYC,YAAAA,IAAAA;IACpC,GAAIR,eAAe;MAAEA;IAAY;IACjC,GAAI,CAACA,eACHD,sBAAsBU,iBAAiBC,qBAAqB;MAAEC,aAAaZ,sBAAsBU,iBAAiBC;IAAkB;IACtI,GAAI,CAACV,eAAeD,sBAAsBU,iBAAiBE,eAAe;MAAEA,aAAaZ,sBAAsBU,iBAAiBE;IAAY;IAC5I,GAAIV,qCAAqC;MAAEA;IAAkC;EAC/E,CAAA;AACF,GAZiD;AAc1C,IAAMW,eAAe,8BAAOd,MAAwBe,YAAAA;AACzD,QAAM,EAAEC,gBAAe,IAAKhB;AAE5B,MAAI,CAACgB,iBAAiB;AACpB,WAAOC,QAAQC,OAAOC,MAAM,qCAAA,CAAA;EAC9B;AAEA,SAAOJ,QAAQK,MAAMC,iBAAiB;IAAEC,KAAKN;EAAgB,CAAA;AAC/D,GAR4B;AAUrB,IAAMO,iBAAiB,8BAAOvB,MAA0Be,YAAAA;AAC7D,QAAM,EAAES,eAAeR,gBAAe,IAAKhB;AAE3C,MAAIgB,oBAAoBS,QAAW;AACjC,WAAOR,QAAQC,OAAOC,MAAM,qCAAA,CAAA;EAC9B;AAEA,MAAIK,kBAAkBC,QAAW;AAC/B,WAAOR,QAAQC,OAAOC,MAAM,oCAAA,CAAA;EAC9B;AAEA,SAAOJ,QAAQK,MAAMM,mBAAmB;IAAEF;IAAeF,KAAKN;EAAgB,CAAA;AAChF,GAZ8B;AAcvB,IAAMW,4BAA4B,8BAAO3B,MAAqCe,YAAAA;AACnF,QAAM,EAAES,eAAeI,0BAA0BC,oBAAmB,IAAK7B;AAEzE,QAAM8B,eAAe,MAAMf,QAAQK,MAAMW,iBAAiB;IACxDH;IACAC;IACAL;IACAQ,cAAc;EAChB,CAAA;AAEA,SAAkDF,aAAaG,KAAMC;AACvE,GAXyC;;;ADzBzC,IAAMC,0BAAyD;EAC7D,CAACC,4BAA4BC,iCAAiC,GAAG;IAC/DC,IAAIF,4BAA4BC;IAChCE,QAAQ;MACNC,KAAKC,0BAA0BJ;MAC/BK,QAAQ;QACNC,QAAQP,4BAA4BQ;QACpCC,aAASC,uBAAO;UACdC,2BAA2B,wBAACC,MAAgCC,WAAgEA,OAAOC,MAAxG;QAC7B,CAAA;MACF;MACAC,SAAS;QACP;UACER,QAAQP,4BAA4BgB;UACpCC,MAAM,wBAACL,MAAgCC,WACrCA,OAAOC,KAAKI,UAAUC,mDAA4BC,4BAD9C;UAENX,aAASC,uBAAO;YACdW,aAAa,wBAACT,MAAgCC,WAAiEA,OAAOC,KAAKQ,cAA9G;YACbC,iBAAiB,wBAACX,MAAgCC,WAChDA,OAAOC,KAAKU,cADG;UAEnB,CAAA;QACF;QACA;UACEjB,QAAQP,4BAA4BkB;UACpCT,aAASC,uBAAO;YACdQ,OAAO,wBAACN,MAAgCC,YAAkD;cACxFY,OAAOC,UAAU,kEAAA;cACjBC,SAASd,OAAOC,KAAKa;cACrBC,OAAOf,OAAOC,KAAKc;YACrB,IAJO;UAKT,CAAA;QACF;;IAEJ;EACF;EACA,CAAC5B,4BAA4BgB,YAAY,GAAG;IAC1Cd,IAAIF,4BAA4BgB;IAChCb,QAAQ;MACNC,KAAKC,0BAA0BW;MAC/BV,QAAQ;QACNC,QAAQP,4BAA4B6B;QACpCpB,aAASC,uBAAO;UACdoB,eAAe,wBAAClB,MAAgCC,WAA2CA,OAAOC,MAAnF;QACjB,CAAA;MACF;MACAC,SAAS;QACPR,QAAQP,4BAA4BkB;QACpCT,aAASC,uBAAO;UACdQ,OAAO,wBAACN,MAAgCC,YAAkD;YACxFY,OAAOC,UAAU,2CAAA;YACjBC,SAASd,OAAOC,KAAKa;YACrBC,OAAOf,OAAOC,KAAKc;UACrB,IAJO;QAKT,CAAA;MACF;IACF;EACF;EACA,CAAC5B,4BAA4B6B,cAAc,GAAG;IAC5C3B,IAAIF,4BAA4B6B;IAChC1B,QAAQ;MACNC,KAAKC,0BAA0BwB;MAC/BvB,QAAQ;QACNC,QAAQP,4BAA4B+B;QACpCtB,aAASC,uBAAO;UACdsB,0BAA0B,wBAACpB,MAAgCC,WAA4DA,OAAOC,MAApG;QAC5B,CAAA;MACF;MACAC,SAAS;QACPR,QAAQP,4BAA4BkB;QACpCT,aAASC,uBAAO;UACdQ,OAAO,wBAACN,MAAgCC,YAAkD;YACxFY,OAAOC,UAAU,wCAAA;YACjBC,SAASd,OAAOC,KAAKa;YACrBC,OAAOf,OAAOC,KAAKc;UACrB,IAJO;QAKT,CAAA;MACF;IACF;EACF;EACA,CAAC5B,4BAA4B+B,iBAAiB,GAAG;IAC/C7B,IAAIF,4BAA4B+B;IAChCE,IAAI;MACF,CAACC,wBAAwBC,wBAAwB,GAAG;QAClD1B,aAASC,uBAAO;UAAE0B,qBAAqB,wBAACxB,MAAgCC,WAA6CA,OAAOC,MAArF;QAA0F,CAAA;MACnI;MACA,CAACoB,wBAAwBG,IAAI,GAAG;QAC9B9B,QAAQP,4BAA4BsC;MACtC;MACA,CAACJ,wBAAwBK,OAAO,GAAG;QACjChC,QAAQP,4BAA4BwC;MACtC;MACA,CAACN,wBAAwBO,QAAQ,GAAG;QAClClC,QAAQP,4BAA4B0C;MACtC;IACF;EACF;EACA,CAAC1C,4BAA4BsC,yBAAyB,GAAG;IACvDpC,IAAIF,4BAA4BsC;IAChCnC,QAAQ;MACNC,KAAKC,0BAA0BiC;MAC/BhC,QAAQ;QACNC,QAAQP,4BAA4BC;QACpCQ,aAASC,uBAAO;UACdiC,mCAAmC,wBAAC/B,MAAgCC,WAAoCA,OAAOC,MAA5E;QACrC,CAAA;MACF;MACAC,SAAS;QACPR,QAAQP,4BAA4BkB;QACpCT,aAASC,uBAAO;UACdQ,OAAO,wBAACN,MAAgCC,YAAkD;YACxFY,OAAOC,UAAU,yCAAA;YACjBC,SAASd,OAAOC,KAAKa;YACrBC,OAAOf,OAAOC,KAAKc;UACrB,IAJO;QAKT,CAAA;MACF;IACF;EACF;EACA,CAAC5B,4BAA4B0C,OAAO,GAAG;IACrCxC,IAAIF,4BAA4B0C;IAChCE,MAAM;EACR;EACA,CAAC5C,4BAA4BwC,QAAQ,GAAG;IACtCtC,IAAIF,4BAA4BwC;IAChCI,MAAM;EACR;EACA,CAAC5C,4BAA4BkB,KAAK,GAAG;IACnChB,IAAIF,4BAA4BkB;IAChC0B,MAAM;EACR;EACA,CAAC5C,4BAA4BQ,IAAI,GAAG;IAClCN,IAAIF,4BAA4BQ;IAChCoC,MAAM;EACR;AACF;AAEA,IAAMC,oCAAoC,wBAACC,SAAAA;AACzC,QAAMC,iBAA2C;IAC/CC,uBAAuBF,KAAKE;IAC5BC,SAASH,KAAKG;IACdb,qBAAqB,CAAA;EACvB;AAEA,aAAOc,8BAAqE;IAC1EhD,IAAI4C,MAAMK,aAAa;IACvBC,4BAA4B;IAC5BC,SAASrD,4BAA4BC;IACrCqD,SAASP;IACTQ,QAAQxD;IACRyD,QAAQ;MACNC,QAAQ,CAAC;MACTC,UAAU,CAAC;IAcb;EACF,CAAA;AACF,GA/B0C;AAiCnC,IAAMC,oBAAN,MAAMA,mBAAAA;EApMb,OAoMaA;;;EACX,OAAeC;EAEf,OAAOC,cAAuB;AAC5B,WAAOF,mBAAkBC,cAAcE;EACzC;EAEA,WAAWC,WAAyC;AAClD,QAAI,CAACJ,mBAAkBC,WAAW;AAChC,YAAMI,MAAM,gDAAA;IACd;AACA,WAAOL,mBAAkBC;EAC3B;EAEA,OAAOK,cAAcnB,MAAyB;AAC5C,UAAM,EAAEoB,KAAI,IAAKpB;AACjB,QAAIa,mBAAkBE,YAAW,GAAI;AACnC,UAAIK,MAAM;AACRP,2BAAkBQ,aAAY;MAChC;IACF;AACAR,uBAAkBC,YAAYE;EAChC;EAEA,OAAOK,eAAqB;AAC1B,QAAI,CAACR,mBAAkBE,YAAW,GAAI;AACpC;IACF;AACAF,uBAAkBI,SAASG,KAAI;AAC/BP,uBAAkBC,YAAYE;EAChC;EAEA,OAAcM,YAAYtB,MAAmE;AAC3F,UAAM,EAAEuB,aAAY,IAAKvB;AACzB,UAAMY,WAAgD;MACpD,CAACrD,0BAA0BJ,iCAAiC,GAAGA;MAC/D,CAACI,0BAA0BW,YAAY,GAAG,CAACsD,SAA2BtD,aAAasD,MAAMD,YAAAA;MACzF,CAAChE,0BAA0BwB,cAAc,GAAG,CAACyC,SAA6BzC,eAAeyC,MAAMD,YAAAA;MAC/F,CAAChE,0BAA0BiC,yBAAyB,GAAG,CAACgC,SAAwChC,0BAA0BgC,MAAMD,YAAAA;IAClI;AAEA,UAAME,cAAwCC,0BAC5C3B,kCAAkCC,IAAAA,EAAM2B,WAAW;MACjDf,UAAU;QACR,GAAGA;QACH,GAAGZ,MAAMY;MACX;MACAgB,QAAQ;QACN,GAAG5B,MAAM4B;MACX;IACF,CAAA,CAAA;AAGF,QAAI,OAAO5B,MAAM6B,iBAAiB,YAAY;AAC5CJ,cAAQK,aAAa9B,KAAK6B,YAAY;IACxC;AAEA,QAAI7B,MAAM+B,gCAAgC,MAAM;AAC9CN,cAAQK,aAAa,CAACE,aAAAA;AACpB,YAAIhC,MAAMiC,yBAAyB;AACjC,eAAKjC,KAAKiC,wBAAwBR,SAASO,QAAAA;QAC7C;MACF,CAAA;IACF;AAEA,WAAOP;EACT;EAEA,OAAOS,YACLlC,MAG8B;AAC9B,QAAI,CAACa,mBAAkBC,WAAW;AAChC,UAAId,MAAMmC,oBAAoB,MAAM;AAClC,cAAMjB,MAAM,oFAAoF;MAClG;AACAL,yBAAkBC,YAAYD,mBAAkBS,YAAYtB,IAAAA;IAC9D;AACA,WAAOa,mBAAkBC;EAC3B;AACF;;;AElQO,IAAMsB,mCAAmC,8BAC9CC,SAAAA;AAEA,QAAM,EAAEC,mBAAmBC,wBAAuB,IAAKF;AAEvD,SAAOG,iCAAiC;IACtC,GAAID,2BAA2B;MAAEE,gCAAgC,MAAMC,0CAA0C;QAAEH;MAAwB,CAAA;IAAG;IAC9I,GAAID,qBAAqB;MAAEK,0BAA0B,MAAMC,oCAAoC;QAAEN;MAAkB,CAAA;IAAG;EACxH,CAAA;AACF,GATgD;AAWzC,IAAMM,sCAAsC,8BACjDP,SAAAA;AAEA,QAAM,EAAEC,kBAAiB,IAAKD;AAC9B,SAAOC,kBAAkBO,OAAO,CAACC,gBAAgBC,YAAAA;AAC/C,UAAMC,YAAYD,QAAQE,UAAU;AACpCH,mBAAeI,IAAIF,WAAWD,OAAAA;AAC9B,WAAOD;EACT,GAAG,oBAAIK,IAAAA,CAAAA;AACT,GATmD;AAW5C,IAAMT,4CAA4C,8BACvDL,SAAAA;AAEA,QAAM,EAAEE,wBAAuB,IAAKF;AACpC,QAAMe,eAAe,oBAAID,IAAAA;AAEzB,QAAME,qBAAqB,wBAACC,OAAYC,YAAoB,OAAE;AAC5DC,WAAOC,QAAQH,KAAAA,EAAOI,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACzC,UAAID,QAAQ,eAAeA,QAAQ,cAAc;AAC/C;MACF;AAEA,UAAIA,QAAQ,aAAaE,MAAMC,QAAQF,KAAAA,GAAQ;AAC7CA,cAAMF,QAAQ,CAAC,EAAEK,MAAMd,SAAS,GAAE,MAAiB;AACjD,cAAI,CAACc,MAAM;AACT;UACF;AAGA,cAAI,CAACX,aAAaY,IAAIf,MAAAA,GAAS;AAC7BG,yBAAaF,IAAID,QAAQ,CAAA,CAAE;UAC7B;AACAG,uBAAaa,IAAIhB,MAAAA,EAASiB,KAAK;YAAEP,KAAKJ;YAAWQ;UAAK,CAAA;QACxD,CAAA;MACF,WAAW,OAAOH,UAAU,YAAYA,UAAU,MAAM;AACtDP,2BAAmBO,OAAOL,YAAY,GAAGA,SAAAA,IAAaI,GAAAA,KAAQA,GAAAA;MAChE;IACF,CAAA;EACF,GAtB2B;AAwB3BN,qBAAmBd,uBAAAA;AACnB,SAAOa;AACT,GAhCyD;AAkClD,IAAMe,sCAAsC,8BAAO9B,SAAAA;AACxD,QAAM,EAAEC,kBAAiB,IAAKD;AAE9B,SAAO;IACL,GAAIC,kBAAkByB,QAAQ;MAC5BK,OAAO9B,kBAAkByB;IAC3B;IACA,GAAIzB,kBAAkBW,UAAU;MAC9BA,QAAQX,kBAAkBW;IAC5B;IACA,GAAIX,kBAAkB+B,QAAQ;MAC5BA,MAAM;QACJ,IAAK/B,kBAAkB+B,KAAKC,OAAehC,kBAAkB+B,KAAKE,QAAQ;UACxEA,KAAKjC,kBAAkB+B,MAAMC,OAAehC,kBAAkB+B,KAAKE;QACrE;QACA,GAAIjC,kBAAkB+B,KAAKG,YAAY;UACrCC,KAAKnC,kBAAkB+B,MAAMG;QAC/B;MACF;IACF;IACA,GAAIlC,kBAAkBoC,eAAe;MACnCA,aAAapC,kBAAkBoC;IACjC;IAEA,GAAIpC,kBAAkBqC,cAAc;MAClCC,MAAM;QACJC,OAAOvC,kBAAkBqC;MAC3B;IACF;IACA,IAAKrC,kBAAkBwC,oBAAoBxC,kBAAkByC,qBAAqB;MAChFC,YAAY;QACV,GAAI1C,kBAAkBwC,oBAAoB;UACxCG,OAAO;YACL,IAAK3C,kBAAkBwC,iBAAiBR,OAAehC,kBAAkBwC,iBAAiBP,QAAQ;cAChGA,KAAKjC,kBAAkBwC,kBAAkBR,OAAehC,kBAAkBwC,iBAAiBP;YAC7F;YACA,GAAIjC,kBAAkBwC,iBAAiBN,YAAY;cACjDC,KAAKnC,kBAAkBwC,kBAAkBN;YAC3C;UACF;QACF;QACA,GAAIlC,kBAAkByC,oBAAoB;UACxCF,OAAOvC,kBAAkByC;QAC3B;MACF;IACF;EACF;AACF,GA/CmD;AAiD5C,IAAMvC,mCAAmC,8BAC9CH,SAAAA;AAEA,QAAM,EACJM,2BAA2B,oBAAIQ,IAAAA,GAC/BV,iCAAiC,oBAAIU,IAAAA,EAA2C,IAC9Ed;AAEJ,QAAM6C,UAAyBrB,MAAMsB,KAAK,oBAAIC,IAAI;OAAI3C,+BAA+B4C,KAAI;OAAO1C,yBAAyB0C,KAAI;GAAG,CAAA;AAEhI,SAAOC,QAAQC,IACbL,QAAQM,IAAI,OAAOvC,WAAAA;AACjB,UAAMF,UAAUJ,yBAAyBsB,IAAIhB,MAAAA;AAC7C,UAAMwC,SAAShD,+BAA+BwB,IAAIhB,MAAAA;AAElD,WAAO;MACL,GAAIF,WAAY,MAAMoB,oCAAoC;QAAE7B,mBAAmBS;MAAQ,CAAA;MACvF,GAAIE,OAAOyC,SAAS,KAAK;QAAEzC;MAAO;MAClCwC;IACF;EACF,CAAA,CAAA;AAEJ,GAtBgD;AAwBzC,IAAME,iCAAiC,8BAAOtD,SAAAA;AACnD,QAAM,EAAEC,mBAAmBsD,eAAc,IAAKvD;AAE9C,SAAOwD,+BAA+B;IACpC,GAAID,kBAAkB;MAAEA,gBAAgB,MAAME,gCAAgC;QAAEF;MAAe,CAAA;IAAG;IAClG,GAAItD,qBAAqB;MAAEK,0BAA0B,MAAMoD,kCAAkC;QAAEzD;MAAkB,CAAA;IAAG;EACtH,CAAA;AACF,GAP8C;AASvC,IAAMyD,oCAAoC,8BAC/C1D,SAAAA;AAEA,QAAM,EAAEC,kBAAiB,IAAKD;AAC9B,SAAOC,kBAAkBO,OAAO,CAACC,gBAAgBC,YAAAA;AAC/C,UAAMC,YAAYD,QAAQiD,QAAQ;AAClClD,mBAAeI,IAAIF,WAAWD,OAAAA;AAC9B,WAAOD;EACT,GAAG,oBAAIK,IAAAA,CAAAA;AACT,GATiD;AAW1C,IAAM2C,kCAAkC,8BAC7CzD,SAAAA;AAEA,QAAM,EAAEuD,eAAc,IAAKvD;AAC3B,QAAMe,eAAe,oBAAID,IAAAA;AAEzByC,iBAAelC,QAAQ,CAACJ,UAAAA;AACtBA,UAAMP,SAASW,QAAQ,CAACX,YAAAA;AACtB,YAAM,EAAEiD,OAAO,IAAIC,MAAK,IAAKlD;AAC7B,YAAMY,MAAML,MAAM4C,KAAKV,IAAI,CAAC5B,UAA0BuC,OAAOvC,KAAAA,CAAAA,EAAQwC,KAAK,GAAA;AAC1E,UAAI,CAAChD,aAAaY,IAAIgC,IAAAA,GAAO;AAC3B5C,qBAAaF,IAAI8C,MAAM,CAAA,CAAE;MAC3B;AACA5C,mBAAaa,IAAI+B,IAAAA,EAAO9B,KAAK;QAAEP;QAAKI,MAAMkC;MAAM,CAAA;IAClD,CAAA;EACF,CAAA;AAEA,SAAO7C;AACT,GAlB+C;AAoBxC,IAAMiD,oCAAoC,8BAAOhE,SAAAA;AACtD,QAAM,EAAEC,kBAAiB,IAAKD;AAE9B,SAAO;IACL,GAAIC,kBAAkByB,QAAQ;MAC5BK,OAAO9B,kBAAkByB;IAC3B;IACA,GAAIzB,kBAAkB0D,QAAQ;MAC5B/C,QAAQX,kBAAkB0D;IAC5B;IACA,GAAI1D,kBAAkBgE,WAAWC,QAAQlC,QAAQ;MAC/CA,MAAM;QACJ,GAAI/B,kBAAkBgE,UAAUC,OAAOlC,KAAKE,OAAO;UACjDA,KAAKjC,kBAAkBgE,UAAUC,OAAOlC,KAAKE;QAC/C;QACA,GAAIjC,kBAAkBgE,UAAUC,OAAOlC,KAAKG,YAAY;UACtDC,KAAKnC,kBAAkBgE,UAAUC,OAAOlC,KAAKG;QAC/C;MACF;IACF;IACA,GAAIlC,kBAAkBoC,eAAe;MACnCA,aAAapC,kBAAkBoC;IACjC;IACA,GAAIpC,kBAAkBgE,WAAWC,QAAQ5B,cAAc;MACrDC,MAAM;QACJC,OAAOvC,kBAAkBgE,UAAUC,OAAO5B;MAC5C;IACF;IACA,GAAIrC,kBAAkBgE,WAAWC,QAAQxB,oBAAoB;MAC3DC,YAAY;QACVH,OAAOvC,kBAAkBgE,UAAUC,OAAOxB;MAC5C;IACF;EACF;AACF,GAlCiD;AAoC1C,IAAMc,iCAAiC,8BAAOxD,SAAAA;AACnD,QAAM,EAAEM,2BAA2B,oBAAIQ,IAAAA,GAAyCyC,iBAAiB,oBAAIzC,IAAAA,EAA2C,IAC9Id;AAEF,QAAM6C,UAAyBrB,MAAMsB,KAAK,oBAAIC,IAAI;OAAIQ,eAAeP,KAAI;OAAO1C,yBAAyB0C,KAAI;GAAG,CAAA;AAEhH,SAAOC,QAAQC,IACbL,QAAQM,IAAI,OAAOvC,WAAAA;AACjB,UAAMF,UAAUJ,yBAAyBsB,IAAIhB,MAAAA;AAC7C,UAAMwC,SAASG,eAAe3B,IAAIhB,MAAAA;AAElC,WAAO;MACL,GAAIF,WAAY,MAAMsD,kCAAkC;QAAE/D,mBAAmBS;MAAQ,CAAA;MACrF,GAAIE,OAAOyC,SAAS,KAAK;QAAEzC;MAAO;MAClCwC;IACF;EACF,CAAA,CAAA;AAEJ,GAlB8C;AAqBvC,IAAMe,2BAA2B,8BAAOnE,SAAAA;AAC7C,QAAM,EAAEoE,eAAeC,kCAAiC,IAAKrE;AAE7D,SAAO;IACL,GAAIqE,mCAAmCC,eAAe;MACpDvC,OAAOsC,kCAAkCC;IAC3C;IACA,GAAIF,cAAc1C,QAAQ;MACxBK,OAAOqC,cAAc1C;IACvB;IACA,GAAI0C,cAAcxD,UAAU;MAC1BA,QAAQwD,cAAcxD;IACxB;IACA,IAAKwD,cAAcpC,QAAQqC,mCAAmCE,aAAa;MACzEvC,MAAM;QACJ,GAAIqC,mCAAmCE,YAAY;UACjDrC,KAAKmC,mCAAmCE;QAC1C;QACA,IAAKH,cAAcpC,MAAMC,OAAemC,cAAcpC,MAAME,QAAQ;UAClEA,KAAKkC,cAAcpC,MAAMC,OAAemC,cAAcpC,MAAME;QAC9D;QACA,GAAIkC,cAAcpC,MAAMG,YAAY;UAClCC,KAAKgC,cAAcpC,MAAMG;QAC3B;MACF;IACF;IACA,GAAIiC,cAAc/B,eAAe;MAC/BA,aAAa+B,cAAc/B;IAC7B;IACA,GAAI+B,cAAc9B,cAAc;MAC9BC,MAAM;QACJC,OAAO4B,cAAc9B;MACvB;IACF;IACA,GAAI+B,mCAAmCG,cAAc;MACnDC,WAAWJ,kCAAkCG;IAC/C;IACA,GAAIH,mCAAmCK,WAAW;MAChDC,QAAQN,kCAAkCK;IAC5C;IACA,GAAIL,mCAAmCO,cAAc;MACnDC,WAAWR,kCAAkCO;IAC/C;IACA,GAAIP,mCAAmCS,YAAY;MACjDA,UAAUT,kCAAkCS;IAC9C;EACF;AACF,GA/CwC;;;AHlLjC,IAAMC,wBAAwB,8BAAOC,SAAAA;AAC1C,QAAM,EAAEC,sBAAsBC,QAAO,IAAKF;AAC1C,QAAMG,qBAA4E,CAAC;AACnF,QAAMC,QAAQC,IACZC,OAAOC,QAAQN,oBAAAA,EAAsBO,IAAI,OAAO,CAACC,UAAUC,0BAAAA,MAA2B;AACpF,QAAIC;AACJ,QAAID,2BAA2BE,WAAW,aAAa;AACrD,YAAMC,MAAoFH,2BAA4BG;AACtH,UAAIA,IAAIC,WAAW,MAAA,GAAS;AAC1B,YAAI;AACFH,8BAAoB,MAAMT,QAAQa,MAAMC,iCAAiC;YAAEH;UAAI,CAAA;QACjF,QAAQ;QAER;MACF;IACF;AACA,QAAII,uBAA8D,CAAA;AAClE,QAAIN,mBAAmB;AACrBM,6BAAuB,MAAMC,+BAA+B;QAC1DC,mBAAmBR,kBAAkBS;QACrCC,gBAAgBV,kBAAkBW;MACpC,CAAA;IACF,OAAO;AACLL,6BAAuB,MAAMM,iCAAiC;QAC5DJ,mBAAmBT,2BAA2BU;QAC9CI;;UAEEvB,qBAAqBqB,WAAWG,SAAYf,2BAA2BY,SAASZ,2BAA2BgB;;MAC/G,CAAA;IACF;AAEA,UAAMC,iBAAiB,MAAMvB,QAAQC,IACnCY,qBAAqBT,IACnB,OAAOmB,oBAA4D,MAAMzB,QAAQa,MAAMa,+BAA+B;MAAED,gBAAAA;IAAe,CAAA,CAAA,CAAA;AAG3I,UAAME,wBAAwB;AAC9B,UAAMC,2BAAuBC,wDAAgCrB,0BAAAA;AAC7D,UAAMsB,kBAAiCF,qBAAqBG,WAAW,QAAIC,sBAAQL,qBAAAA,IAAyBC;AAC5G,UAAMK,0BAA0BH,gBAAgBI,OAAO,CAACC,SAA0BA,SAASR,qBAAAA;AAC3F1B,uBAAmBgC,wBAAwB,CAAA,CAAE,IAAIR;EACnD,CAAA,CAAA;AAGF,SAAOxB;AACT,GA7CqC;AA+C9B,IAAMmC,+BAA+B,8BAAOtC,SAAAA;AACjD,QAAM,EAAEoB,SAASmB,mCAAmCrC,QAAO,IAAKF;AAChE,SAAO,MAAMI,QAAQC,IACnBe,QAAQZ,IAAI,OAAOgC,kBAAAA;AAEjB,UAAMC,WAAW,MAAMC,yBAAyB;MAAEF;MAAeD;IAAkC,CAAA;AACnG,WAAOrC,QAAQa,MAAM4B,2BAA2B;MAAEhB,gBAAgBc;IAAS,CAAA;EAC7E,CAAA,CAAA;AAEJ,GAT4C;AAWrC,IAAMG,wCAAwC,8BACnD5C,SAAAA;AAEA,QAAM,EAAE6C,qBAAqBC,YAAW,IAAK9C;AAC7C,QAAM+C,cAAc,CAAC;AACrBzC,SAAOC,QAAQuC,WAAAA,EAAaE,QAAQ,CAAC,CAACC,KAAKC,MAAAA,MAAO;AAChD,UAAMC,SAAS,CAACD,OAAOtC,UAAUiC,oBAAoBrC,IAAI,CAAC4C,SAASA,KAAKC,YAAW,CAAA,EAAIC,SAASJ,OAAOtC,OAAOyC,YAAW,CAAA;AACzH,QAAIF,QAAQ;AACVJ,kBAAYE,GAAAA,IAAOC;IACrB;EACF,CAAA;AAEA,SAAOH;AACT,GAbqD;AAe9C,IAAMQ,iCAAiC,8BAC5CvD,SAAAA;AAEA,QAAM,EAAEwD,QAAQ7B,eAAc,IAAK3B;AAEnC,SAAO2B,gBAAgB8B,KACrB,CAAChB,aACCe,SAASf,SAASe,QAAQ1C,WAAW0C,MAAAA,KAAWf,SAASe,WAAW/B,SAAYgB,SAASe,WAAW/B,MAAAA;AAE1G,GAT8C;AAWvC,IAAMiC,2BAA2B,8BAAO1D,SAAAA;AAC7C,QAAM,EAAE2D,kBAAkBC,QAAQC,8BAA8BC,kBAAkB5D,QAAO,IAAKF;AAE9F,QAAM+D,aAAaC,8BAA8BL,iBAAiBM,mBAAmBC,kBAAkB;AAEvG,QAAMC,YAAYC,kCAAiBC,8BAA8BN,YAAY;IAAEH,QAAQA,UAAUU;EAAc,CAAA;AAC/G,MACEH,UAAUI,SAASC,KAAKlB,SAAS,WAAA,MAChC,OAAOa,UAAUI,SAASE,IAAIC,WAAW,WACtCP,UAAUI,SAASE,IAAIC,QAAQpB,SAAS,WAAA,IACxCa,UAAUI,SAASE,IAAIC,QAAQC,oBAAoBrB,SAAS,WAAA,IAChE;AAGA,UAAMpD,QAAQa,MAAM6D,eAAe;MAAEb;MAAYH;MAAQiB,kBAAkBf;IAAiB,CAAA;AAC5F,QAAIgB,KAAKC,UAAUZ,UAAUI,OAAO,EAAEjB,SAAS,qBAAA,GAAwB;AACrE,aAAO;QAAE0B,QAAQb;QAAWc,OAAOxD;QAAW0B,QAAQ;QAAM+B,YAAY,CAAA;MAAG;IAC7E;AAEA,QAAIrB,8BAA8B;AAChC,UAAI;AACF,cAAMA,6BAA6B;UACjCsB,WAAWhB;QACb,CAAA;MACF,SAASiB,GAAG;AACV,eAAO;UAAEJ,QAAQb;UAAWc,OAAOG,EAAEC;UAASlC,QAAQ;UAAM+B,YAAY,CAAA;QAAG;MAC7E;IACF;EACF;AAEA,QAAMI,qBAAyC,MAAMpF,QAAQa,MAAMwE,mBAAmB;IACpFxB;IACAH;;IAEA4B,qBAAqB;IACrBC,UAAU;MACR3B;MACA4B,kBAAkB;MAClBC,gBAAgB;MAChBC,cAAc;IAChB;EACF,CAAA;AAEA,MAAI,CAACN,mBAAmBnC,UAAUmC,mBAAmBL,OAAO;AAC1D,WAAO7E,QAAQyF,OAAOC,MAAMR,mBAAmBL,SAASc,UAAU,wDAAA,CAAA,CAAA;EACpE;AACA,SAAOT;AACT,GA/CwC;AAiDjC,IAAMU,wBAAwB,8BAAOhG,SAAAA;AAC1C,QAAM,EAAEiE,oBAAoBL,OAAM,IAAK5D;AAEvC,QAAMiG,uBAAuBjC,8BAA8BC,mBAAmBC,kBAAkB;AAEhG,QAAMgC,8BAA2D9B,kCAAiBC,8BAChF4B,sBACA;IAAErC;EAAO,CAAA;AAEX,MAAIuC;AACJ,MAAI/B,kCAAiBgC,yBAAyBF,4BAA4BnC,UAAU,GAAG;AACrFoC,sCAA8BE,4DAA4EH,4BAA4BnC,UAAU;EAClJ,WAAWK,kCAAiBkC,eAAeJ,4BAA4BnC,UAAU,GAAG;AAClF,QAAI,CAACH,QAAQ;AACX,aAAOxD,QAAQyF,OAAO,qDAAA;IACxB;AACA,UAAMU,cAAsB,wBAACC,MAAgDC,cAAsBrG,QAAQsG,QAAQ9C,OAAO4C,MAAMC,SAAAA,CAAAA,GAApG;AAC5B,UAAME,eAAe,MAAMvC,kCAAiBwC,mBAAmBV,4BAA4BnC,YAAYwC,WAAAA;AACvGJ,sCAA8BE,4DAA4EM,YAAAA;EAC5G,WAAWvC,kCAAiByC,2BAA2BX,4BAA4BnC,UAAU,GAAG;AAC9FoC,sCAA8BW,2DAAyCZ,4BAA4BnC,UAAU;EAC/G,OAAO;AACLoC,kCAAqDD,4BAA4BnC;EACnF;AAEA,QAAMgD,gBACJ,OAAOZ,4BAA4BzB,WAAW,WAC1CyB,4BAA4BzB,SAC5BN,kCAAiBgC,yBAAyBD,2BAAAA,IACxCA,4BAA4Ba,eAAexC,MAC3C2B,4BAA4BzB,OAAOuC;AAE3C,QAAM/C,qBAAqBD,mBAAmBC;AAC9C,SAAO;IACL6C;IACA9C;IACAiD,OAAOjD,mBAAmBiD;IAC1BC,yBAAyBlB;IACzBE;IACA,GAAIjC,mBAAmBkD,+BAA+B;MAAEA,6BAA6BlD,mBAAmBkD;IAA4B;EACtI;AACF,GAzCqC;AA2C9B,IAAMpD,gCAAgC,wBAACE,uBAAAA;AAC5C,MAAIH;AAEJ,MAAI,gBAAgBG,oBAAoB;AACtCH,iBAAaG,mBAAmBH;EAClC,WACE,iBAAiBG,sBACjBA,mBAAmBpB,eACnBuE,MAAMC,QAAQpD,mBAAmBpB,WAAW,KAC5CoB,mBAAmBpB,YAAYb,SAAS,GACxC;AACA8B,iBAAaG,mBAAmBpB,YAAY,CAAA,EAAGiB;EACjD;AAEA,MAAI,CAACA,YAAY;AACf,UAAM,IAAI+B,MAAM,4CAAA;EAClB;AAEA,SAAO/B;AACT,GAnB6C;AAqBtC,IAAMwD,oBAAoB,8BAAOvH,SAAAA;AACtC,QAAM,EAAEwH,aAAatH,QAAO,IAAKF;AACjC,QAAM,EAAEyH,YAAYC,cAAa,IAAKF;AACtC,MAAIE,qBAAiBC,+CAA0BD,aAAAA,GAAgB;AAC7D,WAAOA;EACT;AACA,QAAM,EACJE,6BACAC,yBACAC,UAAU,aACVC,MAAM,MAAM7H,QAAQa,MAAMiH,wCAAuC,EAAE,IACjER;AACJ,MAAIC;AAEJ,MAAIC,eAAe;AACjB,YAAIO,mCAAcP,cAAcD,UAAU,GAAG;AAC3CA,mBAAa,MAAMvH,QAAQa,MAAMmH,qBAAqBR,aAAAA;IACxD,WAAW,CAACA,cAAcS,UAAUX,YAAYK,wBAAwBvE,SAAS,KAAA,GAAQ;AACvFmE,mBAAa,UAAMW,4CAAuBV,eAAexH,OAAAA;IAC3D,WAAWwH,cAAcS,UAAU,CAACN,wBAAwBvE,SAASoE,cAAcS,MAAM,GAAG;AAC1F,YAAMrC,MAAM,8BAA8B4B,cAAcS,MAAM,iCAAiCN,wBAAwBQ,KAAK,GAAA,CAAA,EAAM;IACpI,OAAO;AACLZ,mBAAa,MAAMvH,QAAQa,MAAMmH,qBAAqBR,aAAAA;IACxD;EACF;AACA,QAAMY,eAAe;IAAE,GAAGpI;IAASa,OAAOb,QAAQa;EAAmB;AAErE,OACG,CAAC2G,qBAAiBO,mCAAcP,cAAcD,UAAU,MACzDG,gCACC,CAACC,2BAA2BA,wBAAwB5F,WAAW,KAAK4F,wBAAwBzF,OAAO,CAAC+F,WAAWA,OAAOrH,WAAW,KAAA,CAAA,IAClI;AAEA,UAAM,EAAEqC,QAAQoF,QAAO,IAAK,UAAMC,kDAA6BF,cAAc;MAC3EH,QAAQP;MACRa,YAAY;QACVC,SAAS;UACPrG,MAAMmF,YAAYM;UAClBa,KAAKC,0BAAOC;UACZC,WAAWtB,YAAYsB;UACvBf,KAAKP,YAAYO;QACnB;MACF;IACF,CAAA;AACAN,iBAAa,MAAMvH,QAAQa,MAAMgI,0BAA0B;MACzDtB,YAAYtE;MACZ2E;MACAkB,4BAA4B7F,OAAO8F,IAAInI,WAAW,WAAA;IACpD,CAAA;AACA,QAAIyH,SAAS;AACX,YAAMD,aAAavH,MAAMmI,KAAKC,mBAAmBC,oBAAoB;QAAE3B;MAAW,CAAA;IACpF;EACF,WAAWI,wBAAwBvE,SAAS,KAAA,GAAQ;AAElD,UAAML,MAAM,MAAM/C,QAAQa,MAAMsI,iBAAiB;MAAEhH,MAAMyF;MAASC;MAAKuB,MAAM;QAAEC,UAAU,OAAOzB,OAAAA,IAAW0B,KAAKC,IAAG,CAAA;MAAK;IAAE,CAAA;AAE1HhC,iBAAa,UAAMW,4CAAuB;MAAED,QAAQ;MAAOV,YAAYxE;MAAKyG,WAAWzG,IAAI0G;IAAI,GAAGzJ,OAAAA;EAIpG,OAAO;AACL,UAAM4F,MAAM,qDAAqD+B,wBAAwBQ,KAAK,GAAA,CAAA,EAAM;EACtG;AACArI,OAAKwH,YAAYC,aAAaA;AAC9B,SAAOA;AACT,GAjEiC;AAmE1B,IAAMmC,sCAAsC,8BACjD5J,SAAAA;AAEA,MAAImD,SAAS,CAAC;AACZ,GAAA,MAAM0G,8BAA8B7J,IAAAA,GAAOgD,QAAQ,CAAC8G,cAAAA;AACpD3G,aAAS;MAAE,GAAGA;MAAQ,GAAG2G;IAAU;EACrC,CAAA;AACA,SAAO3G;AACT,GARmD;AAU5C,IAAM0G,gCAAgC,8BAC3C7J,SAAAA;AAEA,QAAM,EAAEkH,OAAO6C,iBAAgB,IAAK/J;AACpC,MAAIqH,MAAMC,QAAQJ,KAAAA,KAAUA,MAAMjF,SAAS,GAAG;AAC5C,WAAO7B,QAAQC,IAAI6G,MAAM1G,IAAI,CAAC6B,SAAS2H,8CAA8C;MAAE,GAAGhK;MAAMkH,OAAO7E;IAAK,CAAA,CAAA,CAAA;EAC9G,WAAWgF,MAAMC,QAAQyC,gBAAAA,KAAqBA,iBAAiB9H,SAAS,GAAG;AACzE,WAAO7B,QAAQC,IACb0J,iBAAiBvJ,IAAI,CAACyJ,oBACpBD,8CAA8C;MAC5C,GAAGhK;MACHiK;MACA/C,OAAOzF;IACT,CAAA,CAAA,CAAA;EAGN;AACA,QAAMyI,UAAU,MAAMF,8CAA8C;IAClE,GAAGhK;IACHkH,OAAOzF;IACPwI,iBAAiBxI;EACnB,CAAA;AACA,SAAOyI,WAAW5J,OAAO6J,KAAKD,OAAAA,EAASjI,SAAS,IAAI;IAACiI;MAAW,CAAA;AAClE,GAvB6C;AA6BtC,IAAMF,gDAAgD,8BAC3DhK,SAAAA;AAEA,QAAM,EAAEoK,QAAQvH,qBAAqBoH,gBAAe,IAAKjK;AACzD,MAAI,EAAEY,SAASa,QAAWyF,QAAQzF,OAAS,IAAKzB;AAEhD,WAASqK,kBAAkBP,WAA2C;AACpE,UAAMlJ,UAASkJ,UAAUlJ;AACzB,UAAMyB,WAAeiI,2CAAmBR,SAAAA,GAAYzB,KAAAA,KAAU;AAC9D,UAAMpB,KAAK,GAAG5E,IAAAA,IAAQzB,OAAAA;AACtB,WAAOqG;EACT;AALSoD;AAOT,MAAIJ,iBAAiB;AACnB,UAAMM,gBAAeH,OAAOI,wBAAwB/I,QAAWb,MAAAA;AAC/D,WAAON,OAAOmK,YACZnK,OAAOC,QAAQgK,aAAAA,EAAcnI,OAC3B,CAAC,CAAC6E,IAAI6C,SAAAA,MAAe7C,OAAOgD,mBAAmBH,UAAU7C,OAAOgD,mBAAmBI,kBAAkBP,SAAAA,MAAeG,eAAAA,CAAAA;EAG1H;AAEA,MAAI,CAACG,OAAOM,iBAAiB;AAC3B,WAAOtK,QAAQyF,OAAOC,MAAM,yCAAA,CAAA;EAC9B;AACA,MAAI,CAACoB,OAAO;AACV,WAAO9G,QAAQyF,OAAOC,MAAM,+BAAA,CAAA;EAC9B;AAEA,QAAM6E,qBAAiBC,gDAAwB;IAC7C1D,OAAO;MAACA;;IACRtG;IACAiK,SAAST,OAAOS,QAAO;IACvBC,gBAAgBV,OAAOW,iBAAiBC;EAC1C,CAAA;AACA,MAAIT;AAEJ,MAAI,CAAClD,MAAMC,QAAQqD,cAAAA,GAAiB;AAClCJ,mBAAeI;EACjB,OAAO;AACLJ,mBAAe,CAAC;AAChBI,mBAAe3H,QAAQ,CAAC8G,cAAAA;AACtB,UAAIA,UAAU7C,IAAI;AAChBsD,qBAAaT,UAAU7C,EAAE,IAAc6C;AACvC;MACF;AACA,YAAM7C,KAAKoD,kBAAkBP,SAAAA;AAC7BS,mBAAatD,EAAAA,IAAM6C;IACrB,CAAA;EACF;AAEA,MAAImB,6BAA6B,MAAMrI,sCAAsC;IAC3EE,aAAayH;IACb1H;EACF,CAAA;AACA,MAAI,CAACoI,8BAA8B3K,OAAO6J,KAAKc,0BAAAA,EAA4BhJ,WAAW,GAAG;AACvFiJ,+BAAIC,QAAQ,8CAA8Cf,OAAOgB,UAAS,CAAA,EAAI;EAChF;AAEA,MAAIhB,OAAOM,oBAAoBjJ,QAAW;AACxC,WAAOwJ;EACT;AAEA,QAAMP,kBAAkBN,OAAOM,gBAAgBW;AAE/C,MAAIC;AACJ,MAAI,kCAAkCZ,iBAAiB;AACrDY,yBAAqBhL,OAAOmK,YAC1BnK,OAAOC,QAAQ0K,0BAAAA,EAA4B7I,OAAO,CAAC,CAAC3B,UAAUyC,MAAAA,MAAYwH,gBAAgBa,6BAA6BjI,SAAS7C,QAAAA,CAAAA,CAAAA;AAElI,QAAIH,OAAO6J,KAAKmB,kBAAAA,EAAoBrJ,WAAW,GAAG;AAChD,YAAM,IAAI6D,MAAM,4DAA4D4E,gBAAgBa,6BAA6BlD,KAAK,IAAA,CAAA,EAAO;IACvI;EACF,OAAO;AACLiD,yBAAqBL;EACvB;AACA,MAAI3K,OAAO6J,KAAKmB,kBAAAA,EAAoBrJ,WAAW,GAAG;AAEhD,UAAM,IAAI6D,MAAM,0DAA0D;EAC5E;AAEA,SAAOwF;AACT,GAlF6D;AAoFtD,IAAME,kBAAkB,8BAAOxL,SAAAA;AACpC,QAAM;IACJoK;IACAnK;;IAEAC;IACAuL;IACAC;IACAC;IACAC;EAAgB,IACd5L;AAEJ,MAAIC,yBAAyBwB,UAAanB,OAAO6J,KAAKlK,oBAAAA,EAAsBgC,WAAW,GAAG;AACxF,WAAO7B,QAAQyF,OAAOC,MAAM,0BAAA,CAAA;EAC9B;AAEA,QAAM0F,mBAAgDlL,OAAOuL,OAAO5L,oBAAAA,EAAsBO,IAAI,OAAOsL,wBAAAA;AAKnG,UAAMC,qBAA6B,MAAMC,uBAAuB;MAC9DF;MACA1B;MACAsB;MACAC;IACF,CAAA;AACA,UAAM,EAAEM,WAAWC,QAAO,IAAK,MAAMC,kBAAkB;MACrDL;MACA1B;MACAqB;IACF,CAAA;AACA,QAAIS,QAAQjK,UAAU,GAAG;AACvBmK,cAAQC,IAAI,sFAAsF;AAClGH,cAAQI,KAAK,KAAA;IACf;AACA,UAAM9E,cAAcoE,mBAChB;MAAE,GAAGE;MAAqB,GAAGF;IAAiB,IAC7C;MACC,GAAGE;MACHlE,6BAA6BqE;MAC7BpE,yBAAyBqE;MACzBtL,QAAQkL,oBAAoBlL;MAC5BkH,SAASsC,OAAOmC,OAAM,IAAK,kBAAcC,mDAA8B;QAAEC,KAAKV;MAAmB,CAAA;MACjG,GAAI3B,OAAOmC,OAAM,KAAM;QAAEzD,WAAW;MAAO;IAC7C;AACJ,UAAMrB,aAAa,MAAMF,kBAAkB;MAAEC;MAAatH;IAAQ,CAAA;AAClE,QAAI,CAACkK,OAAOsC,gBAAYC,kDAA6BlF,UAAAA,GAAa;AAGhE2C,aAAOsC,WAAWjF,WAAW/C,UAAU+C,WAAWwB;IACpD;AACA,WAAO;MAAE,GAAGzB;MAAaC;IAAW;EACtC,CAAA;AAEA,SAAO,MAAMrH,QAAQC,IAAImL,gBAAAA;AAC3B,GAxD+B;AA0DxB,IAAMW,oBAAoB,8BAC/BS,SAAAA;AAKA,QAAM,EAAExC,QAAQ0B,qBAAqBL,qBAAoB,IAAKmB;AAC9D,QAAM,EAAEhM,QAAQiM,wCAAuC,IAAKf;AAC5D,MAAII,UAAqC,CAAA;AACzC,MAAIW,2CAA2CxF,MAAMC,QAAQuF,uCAAAA,GAA0C;AACrGX,cAAUW;AACV,UAAMC,aAAiDrB,qBAAqBhI,KAAK,CAAC0E,WAChF0E,wCAAwCvJ,SAAS,OAAO6E,OAAO9E,YAAW,CAAA,EAA6B,CAAA;AAEzG,QAAIyJ,YAAY;AACd,aAAO;QAAEZ;QAASD,WAAWa;MAAW;IAC1C,WAAWD,wCAAwCvJ,SAAS,KAAA,GAAQ;AAClE,aAAO;QAAE4I;QAASD,WAAWrL,SAAS6K,qBAAqB,CAAA,IAAKA,qBAAqB,CAAA;MAAG;IAC1F,WAAWS,QAAQjK,SAAS,GAAG;AAC7B,aAAO;QAAEiK;MAAQ;IACnB;AACAE,YAAQW,KACN,yIAAyI;EAE7I;AAEA,MAAI3C,OAAOmC,OAAM,GAAI;AACnB,WAAO;MAAEL,SAAS;QAAC;;MAAQD,WAAWe,2CAAuBC;IAAQ;EACvE;AAGAf,YAAU;IAAC;;AACX,MAAI,CAACtL,UAAWA,OAAO0C,SAAS,KAAA,KAAU,CAAC1C,QAAQ0C,SAAS,gBAAA,GAAoB;AAC9E,WAAO;MAAE4I;MAASD,WAAWrL,SAAS6K,qBAAqB,CAAA,IAAKA,qBAAqB,CAAA;IAAG;EAC1F,OAAO;AAEL,WAAO;MAAES;MAASD,WAAWR,qBAAqB,CAAA;IAAG;EACvD;AACF,GAtCiC;AAwC1B,IAAMO,yBAAyB,8BAAOY,SAAAA;AAC3C,QAAM,EAAExC,QAAQ0B,qBAAqBJ,kCAAkCC,oCAAmC,IAAKiB;AAE/G,MAAIM;AACJ,MAAI,2BAA2BpB,uBAAuBA,oBAAoBqB,uBAAuB;AAC/F,QAAI,SAASrB,oBAAoBqB,yBAAyBrB,oBAAoBqB,sBAAsBC,KAAK;AACvGF,+BAAyBpB,oBAAoBqB,sBAAsBC,IAAIC;IACzE,WAAW,YAAYvB,oBAAoBqB,yBAAyBrB,oBAAoBqB,sBAAsBG,QAAQ;AACpHJ,+BAAyBpB,oBAAoBqB,sBAAsBG,OAAOD;IAC5E,WAAW,SAASvB,oBAAoBqB,yBAAyBrB,oBAAoBqB,sBAAsBI,KAAK;AAC9GL,+BAAyBpB,oBAAoBqB,sBAAsBI,IAAIF;AACvEjB,cAAQnH,MAAM,8EAAA;IAChB,OAAO;AACL,aAAO7E,QAAQyF,OAAOC,MAAM,mCAAmC,CAAA;IACjE;EACF,OAAO;AACLoH,iCAAyBhL;;MAEvB4J,oBAAoB0B,2CAA2C1B,oBAAoBuB,sCAAsC,CAAA;IAAE;EAE/H;AAGA,UAAQvB,oBAAoBlL,QAAM;;IAEhC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK,YAAY;AACf,YAAM6M,uBAAqF/B,iCAAiCtJ,OAC1H,CAACsL,UAAiER,uBAAuB5J,SAASoK,KAAAA,CAAAA;AAGpG,UAAID,qBAAqBxL,SAAS,GAAG;AACnC,eAAOwL,qBAAqB,CAAA;MAC9B,WAAWrD,OAAOmC,OAAM,GAAI;AAC1B,eAAOoB,wCAAuBC;MAChC;AAGA,YAAMC,WAAWnC,iCAAiC,CAAA;AAClDU,cAAQC,IAAI,4GAA4GwB,QAAAA,EAAU;AAClI,aAAOA;IACT;;IAEA,KAAK;;IAEL,KAAK;IACL,KAAK,UAAU;AACb,YAAMJ,uBAAsC9B,oCAAoCvJ,OAAO,CAACsL,UACtFR,uBAAuB5J,SAASoK,KAAAA,CAAAA;AAElC,UAAID,qBAAqBxL,SAAS,GAAG;AACnC,eAAOwL,qBAAqB,CAAA;MAC9B;AAGA,YAAMI,WAAWlC,oCAAoC,CAAA;AACrDS,cAAQC,IAAI,4GAA4GwB,QAAAA,EAAU;AAClI,aAAOA;IACT;IACA;AACE,aAAOzN,QAAQyF,OAAOC,MAAM,sBAAsBgG,oBAAoBlL,MAAM,iBAAiB,CAAA;EACjG;AACF,GAlEsC;AAoE/B,IAAMkN,mCAAmC,8BAC9C9N,MACAE,YAAAA;AAEA,QAAM,EAAE6N,uBAAuBC,yBAAyBC,QAAO,IAAKjO;AAEpE,MAAI,CAAC+N,uBAAuB;AAC1B,WAAO3N,QAAQyF,OAAOC,MAAM,4CAAA,CAAA;EAC9B;AAEA,MAAI,CAACmI,SAAS;AACZ,WAAO7N,QAAQyF,OAAOC,MAAM,4BAAA,CAAA;EAC9B;AAEA,QAAMoI,4BAA4BC,kBAAkBC,YAAY;IAC9DL;IACAE;IACA3F,cAAcpI;IACd8N;EACF,CAAA;AAEA,SAAO,IAAI5N,QAAQ,CAACsG,SAASb,WAAAA;AAC3B,QAAI;AACFqI,gCAA0BG,aAAa,CAACC,UAAAA;AACtC,YAAIA,MAAMC,QAAQC,4BAA4BC,IAAI,GAAG;AACnD,gBAAMC,4BAA4BJ,MAAMpO,QAAQwO;AAChD,cAAI,CAACA,2BAA2B;AAC9B7I,mBAAOC,MAAM,uCAAA,CAAA;UACf;AACAY,kBAAQgI,yBAAAA;QACV,WAAWJ,MAAMC,QAAQC,4BAA4BG,OAAO,GAAG;AAC7DjI,kBAAQ8H,4BAA4BG,OAAO;QAC7C,WAAWL,MAAMC,QAAQC,4BAA4BI,QAAQ,GAAG;AAC9DlI,kBAAQ8H,4BAA4BI,QAAQ;QAC9C,WAAWN,MAAMC,QAAQC,4BAA4BvJ,KAAK,GAAG;AAC3DY,iBAAOyI,MAAMpO,QAAQ+E,KAAK;QAC5B;MACF,CAAA;AACAiJ,gCAA0BW,MAAK;IACjC,SAAS5J,OAAO;AACdY,aAAOZ,KAAAA;IACT;EACF,CAAA;AACF,GA3CgD;;;ALvezC,IAAM6J,8BAA6C;EACxD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGF,IAAMC,SAASC,0BAAQC,QAAQC,IAAI,yBAAA;AAE5B,SAASC,aACdC,YACAC,SACAC,OAAc;AAEd,SAAO,OAAOC,KAAUC,KAAcC,uBAAAA;AACpC,QAAIC,aAAa,MAAML,QAAQM,MAAMC,qBAAqBR,UAAAA;AAC1D,UAAMS,MAAMN,IAAIO,OAAOD,QAAQH,WAAWK,WAAW,QAAQL,WAAWG,MAAMG;AAC9E,QAAI,CAACN,WAAWO,UAAU,CAACV,IAAIW,QAAQC,KAAK;AAC1C,aAAOC,QAAQC,OAAOC,MAAM,8CAA8CC,KAAKC,UAAUjB,GAAAA,CAAAA,2BAA+B,CAAA;IAC1H;AACA,UAAMO,SAASP,IAAIO;AACnB,UAAMI,UAAUX,IAAIW;AACpB,QAAIZ,OAAO;AACTY,cAAQZ,QAAQA;IAClB;AACA,QAAIO,OAAOC,OAAON,KAAK;AACrBiB,cAAQC,IACN,qIAAqI;AAEvI,aAAOZ,OAAON;IAChB;AACA,YACE,MAAMH,QAAQM,MAAMgB,6BAA6B;MAC/CV,QAAQ;QAAE,GAAGP;QAAYD,oBAAoBA,sBAAsB;MAAM;MACzEmB,iBAAiBd;MACjBI;IACF,CAAA,GACAX;EACJ;AACF;AA9BgBJ;AA0DT,IAAM0B,gBAAN,MAAMA,eAAAA;EA/Mb,OA+MaA;;;EACMC;EACRC,aAAwC;IAC/CC,mBAAmBC;IACnBD,mBAAmBE;IACnBF,mBAAmBG;;EAGZC,UAA0B;IACjCC,oBAAoB,KAAKA,mBAAmBC,KAAK,IAAI;IACrDC,gCAAgC,KAAKA,+BAA+BD,KAAK,IAAI;IAC7EE,oCAAoC,KAAKA,mCAAmCF,KAAK,IAAI;IACrFG,0CAA0C,KAAKA,yCAAyCH,KAAK,IAAI;IACjGI,4CAA4C,KAAKA,2CAA2CJ,KAAK,IAAI;IACrGK,yBAAyB,KAAKA,wBAAwBL,KAAK,IAAI;IAC/DM,6BAA6B,KAAKA,4BAA4BN,KAAK,IAAI;IACvEO,4BAA4B,KAAKA,2BAA2BP,KAAK,IAAI;IACrEQ,iCAAiC,KAAKA,gCAAgCR,KAAK,IAAI;IAC/ES,qCAAqC,KAAKA,oCAAoCT,KAAK,IAAI;IACvFU,sCAAsC,KAAKA,qCAAqCV,KAAK,IAAI;IACzFW,+BAA+B,KAAKA,8BAA8BX,KAAK,IAAI;IAC3EY,+BAA+B,KAAKA,8BAA8BZ,KAAK,IAAI;IAC3Ea,gCAAgC,KAAKA,+BAA+Bb,KAAK,IAAI;IAC7Ec,kCAAkC,KAAKA,iCAAiCd,KAAK,IAAI;EACnF;EAEiBe,sBAAqC;IAAC;IAAa;IAAa;IAAY;IAAe;IAAU;;EACrGC,sCAAqD;IACpE;IACA;IACA;IACA;;EAGeC,uBAAsD;IACrEC,2CAAuBC;IACvBD,2CAAuBE;IACvBF,2CAAuBG;IACvBH,2CAAuBI;IACvBJ,2CAAuBK;;EAERC,mCAAiG;IAChHC,yCAAuBC;IACvBD,yCAAuBE;IACvBF,yCAAuBG;;EAEzB,OAAwBC,8BAA8B,GAAGC,yCAAkBC,gBAAgB;EAC1EC,kCAA4D;IAAEC,aAAa1C,eAAcsC;EAA4B;EACrHK;EACAC;EACAC;EACAC;EAEjB,YAAYC,SAAgC;AAC1C,UAAM,EACJJ,0BACAC,oBACAC,qBACAC,8BACAtB,qBACAC,qCACAC,sBACAO,kCACAe,oCACA/C,SAASgD,8BAAa,IACpB;MAAE,GAAGF;IAAQ;AAEjB,SAAK9C,SAASA;AACd,QAAIuB,wBAAwB0B,UAAa1B,oBAAoB2B,SAAS,GAAG;AACvE,WAAK3B,sBAAsBA;IAC7B;AACA,QAAIC,wCAAwCyB,UAAazB,oCAAoC0B,SAAS,GAAG;AACvG,WAAK1B,sCAAsCA;IAC7C;AACA,QAAIC,yBAAyBwB,UAAaxB,qBAAqByB,SAAS,GAAG;AACzE,WAAKzB,uBAAuBA;IAC9B;AACA,QAAIO,qCAAqCiB,UAAajB,iCAAiCkB,SAAS,GAAG;AACjG,WAAKlB,mCAAmCA;IAC1C;AACA,QAAIe,oCAAoC;AACtC,WAAKP,kCAAkCO;IACzC;AACA,SAAKL,2BAA2BA;AAChC,SAAKC,qBAAqBA;AAC1B,SAAKC,sBAAsBA;AAC3B,SAAKC,+BAA+BA;EACtC;EAEA,MAAaM,QAAQC,OAAYC,SAAyC;AACxE,YAAQD,MAAME,MAAI;MAChB,KAAKpD,mBAAmBC;AACtB,aAAKuC,2BAA2BU,MAAMG,IAAI;AAC1C;MACF,KAAKrD,mBAAmBE;AACtB,aAAKuC,qBAAqBS,MAAMG,IAAI;AACpC;MACF,KAAKrD,mBAAmBG;AACtB,aAAKuC,sBAAsBQ,MAAMG,IAAI;AACrC;MACF;AACE,eAAOC,QAAQC,OAAOC,MAAM,cAAcN,MAAME,IAAI,gBAAgB,CAAA;IACxE;EACF;;;;EAKA,MAAc5C,mCAAmCiD,MAAkCN,SAAqD;AACtI,UAAMO,2BAA2B;MAAE,GAAG,KAAKpB;MAAiC,GAAGmB,KAAKC;IAAyB;AAC7G,UAAMC,WAA6C;MACjD,CAACC,uBAAuBC,KAAK,GAAG,CAACC,SAC/B,KAAKzD,mBACH;QACE,GAAGyD;QACHJ;MACF,GACAP,OAAAA;MAEJ,CAACS,uBAAuBG,6BAA6B,GAAG,CAACD,SACvDE,iCAAiC;QAAE,GAAGF;QAAMG,yBAAyBR,KAAKS;MAAkC,GAAGf,OAAAA;MACjH,CAACS,uBAAuBO,6BAA6B,GAAG,CAACL,SACvD,KAAKpD,2CAA2CoD,MAAMX,OAAAA;MACxD,CAACS,uBAAuBQ,2BAA2B,GAAG,CAACN,SACrD,KAAKrD,yCAAyCqD,MAAMX,OAAAA;MACtD,CAACS,uBAAuBS,UAAU,GAAG,CAACP,SAAyB,KAAKnD,wBAAwBmD,MAAMX,OAAAA;MAClG,CAACS,uBAAuBU,cAAc,GAAG,CAACR,SACxC,KAAKlD,4BAA4B;QAAE2D,iBAAiBT,KAAKS,mBAAmBd,KAAKc;QAAiB,GAAGT;MAAK,GAAGX,OAAAA;MAC/G,CAACS,uBAAuBY,kBAAkB,GAAG,CAACV,SAAiC,KAAKhD,gCAAgCgD,MAAMX,OAAAA;MAC1H,CAACS,uBAAuBa,iBAAiB,GAAG,CAACX,SAAgC,KAAK3C,+BAA+B2C,MAAMX,OAAAA;MACvH,CAACS,uBAAuBc,mBAAmB,GAAG,CAACZ,SAAkC,KAAK1C,iCAAiC0C,MAAMX,OAAAA;MAC7H,CAACS,uBAAuBe,sBAAsB,GAAG,CAACb,SAAqC,KAAK/C,oCAAoC+C,MAAMX,OAAAA;MACtI,CAACS,uBAAuBgB,uBAAuB,GAAG,CAACd,SACjD,KAAK9C,qCAAqC8C,MAAMX,OAAAA;MAClD,CAACS,uBAAuBiB,gBAAgB,GAAG,CAACf,SAA+B,KAAK7C,8BAA8B6C,MAAMX,OAAAA;MACpH,CAACS,uBAAuBkB,gBAAgB,GAAG,CAAChB,SAA+B,KAAK5C,8BAA8B4C,MAAMX,OAAAA;MACpH,CAACS,uBAAuBmB,kBAAkB,GAAG,CAACjB,SAAiC,KAAKiB,mBAAmBjB,MAAMX,OAAAA;IAC/G;AAEA,UAAM6B,6BAAyD;MAC7D,GAAGvB;MACHC;MACAC,UAAU;QACR,GAAGA;QACH,GAAGF,KAAKE;MACV;IACF;AAEA,UAAM,EAAEsB,YAAW,IAAK,MAAMC,eAAeC,YAAYH,4BAA4B7B,OAAAA;AAErF,WAAO;MACL8B;IACF;EACF;;;;;;;;;EAUA,MAAc5E,mBAAmByD,MAAwBX,SAAgD;AACvG,UAAM,EAAEiC,YAAW,IAAKtB;AACxB,QAAI,CAACsB,aAAa;AAChB,YAAM5B,MAAM,0EAA0E;IACxF;AACA,UAAM,EAAE6B,MAAMtC,OAAS,IAAKqC;AAC5B,QAAI,CAACC,KAAK;AACR,aAAO/B,QAAQC,OAAOC,MAAM,gCAAA,CAAA;IAC9B;AAEA,UAAME,2BAA2B;MAAE,GAAG,KAAKpB;MAAiC,GAAGwB,KAAKJ;IAAyB;AAE7GA,6BAAyB4B,uBAAuB5B,0BAA0B4B,2BACtEC,uBAAQ7B,yBAAyB4B,oBAAoB,IACrDvC;AAEJ,QAAI,CAACW,yBAAyBnB,aAAa;AACzCmB,+BAAyBnB,cAAc1C,eAAcsC;IACvD;AACA,QAAIuB,yBAAyBnB,YAAYiD,WAAW,MAAA,KAAW,CAAC9B,yBAAyB+B,UAAU;AAGjG/B,+BAAyB+B,WAAW/B,yBAAyBnB;IAC/D;AAGA,QAAImD,UAAoB,KAAKrE;AAC7B,UAAMsE,cAAcjC,0BAA0B4B,sBAC1CM,IAAI,CAACC,WAAyC,OAAOA,WAAW,YAAY,YAAYA,UAAUA,OAAOC,SAASD,OAAOC,SAAS/C,MAAAA,EACnIgD,OAAO,CAACD,WAAW,CAAC,CAACA,MAAAA,EACrBF,IAAI,CAACE,WAAWA,MAAAA;AACnB,QAAIH,eAAeA,YAAY3C,SAAS,GAAG;AACzC0C,gBAAUM,MAAMC,KAAK,IAAIC,IAAIP,WAAAA,CAAAA;IAC/B;AACA,QAAIQ;AACJ,QAAIC;AACJ,QAAIhB,YAAYiB,qBAAqB;AACnCF,sBAAgB,MAAMG,+CAAwBC,UAAU;QAAEC,OAAOpB,YAAYiB;MAAoB,CAAA;AACjGD,cAAQD,cAAcM;IACxB,OAAO;AACLL,cAAQhB,YAAYqB;AACpB,UACEpB,IAAIG,WAAWkB,YAAYC,wBAAwB,KACnDtB,IAAIG,WAAWkB,YAAYE,uBAAuB,KAClDvB,IAAIwB,MAAM,yCAAA,GACV;AACA,YAAI,CAACT,OAAO;AAEVA,kBAAQ,MAAMU,6CAAsBC,QAAQ1B,GAAAA;QAC9C;MACF,OAAO;AACL,YAAI,CAAC,CAACe,OAAO;AACXY,iBAAOC,QAAQ,8CAA8C5B,GAAAA,EAAK;QACpE;MACF;AAEA,UAAI,CAACe,OAAO;AAEVY,eAAOE,IAAI,8CAA8C7B,GAAAA,EAAK;AAC9Dc,wBAAgB,MAAMG,+CAAwBa,qBAAqB;UACjEC,kBAAkB/B;UAClBgC,sBAAsB3D;UACtB+B,UAAU/B,yBAAyB+B;UACnC6B,+BAA+B;QACjC,CAAA;MACF,OAAO;AACLN,eAAOE,IAAI,8BAA8B7B,GAAAA,EAAK;AAC9Cc,wBAAgB,MAAMG,+CAAwBS,QAAQ;UACpD1B;UACAgC,sBAAsB3D;UACtB+B,UAAU/B,yBAAyB+B;UACnC6B,+BAA+B;QACjC,CAAA;MACF;IACF;AAEA,QAAIC,mBAAkC,CAAA;AACtC,QAAInB,OAAO;AACTmB,yBAAmBnB,MAAMoB,0BAA0BC;IACrD,OAAO;AACLF,6BAAmBhC,uBAAQ7B,yBAAyB4B,oBAAoB,EAErEM,IAAI,CAAC8B,gBAAgBA,YAAYC,2BAA2B,EAC5D5B,OAAO,CAAC6B,OAAqB,CAAC,CAACA,EAAAA;IACpC;AAEA,UAAMC,uBAAuB,MAAMC,oCAAoC;MACrEC,QAAQ5B;MACR9E,qBAAqBqE;MACrB6B;IACF,CAAA;AAEA,UAAMS,iBAAiB,MAAM7B,cAAc8B,uBAAsB;AACjE,UAAMC,qBAAqB,MAAMC,sBAAsB;MAAEN;MAAsB1E;IAAQ,CAAA;AACvF,UAAMiF,qBAAqBC,KAAKC,MAAM,MAAMnC,cAAcoC,YAAW,CAAA;AAErE,WAAO;MACLL;MACAL;MACAG;MACAI;IACF;EACF;EAEA,MAAc3H,yCACZqD,MACAX,SACqC;AACrC,UAAM,EAAEqF,uBAAuBC,QAAO,IAAK3E;AAC3C,QAAI,CAAC0E,uBAAuB;AAC1B,aAAOlF,QAAQC,OAAOC,MAAM,4CAAA,CAAA;IAC9B;AAEA,UAAMiC,WAAWgD,SAASC,WACvB9C,IAAI,CAAC+C,aAAAA;AACJ,YAAMC,mBAAmBD,SAASE,YAAYC;AAC9C,UAAIF,oBAAoB,cAAcA,kBAAkB;AACtD,eAAOA,iBAAiBnD;MAC1B;AACA,aAAO1C;IACT,CAAA,EACCgG,KAAK,CAACtD,cAAaA,SAAAA;AAEtB,QAAI,CAACA,UAAU;AACb,aAAOnC,QAAQC,OAAOC,MAAM,iDAAiD,CAAA;IAC/E;AACA,UAAMuE,SAAS,MAAMzB,+CAAwBC,UAAU;MAAEC,OAAOgC;IAAsB,CAAA;AACtF,UAAMQ,uBAAuB,MAAMjB,OAAOkB,8BAA8B;MACtE5B,sBAAsB;QACpB5B;MACF;IACF,CAAA;AACA,QAAIuD,sBAAsB;AACxBhC,aAAOE,IAAI,0BAA0B8B,oBAAAA,EAAsB;IAC7D;AACA,WAAO;MACLA;;MAEAZ,oBAAoBC,KAAKC,MAAM,MAAMP,OAAOQ,YAAW,CAAA;IACzD;EACF;EAEA,MAAc7H,2CACZoD,MACAX,SAC8C;AAC9C,UAAM,EAAE+E,oBAAoBgB,QAAQC,qBAAiDtB,qBAAoB,IAAK/D;AAO9GkD,WAAOoC,KAAK,yBAAyBC,OAAOC,KAAKzB,oBAAAA,EAAsB0B,KAAK,IAAA,CAAA,EAAO;AAEnF,UAAMC,sBAA2D,MAAMlG,QAAQmG,IAC7EJ,OAAOK,QAAQ7B,oBAAAA,EAAsBjC,IAAI,OAAO,CAACgC,IAAI+B,yBAAAA,MAA0B;AAI7E,YAAMC,sBAAkBC,2CAAmBF,yBAAAA;AAE3C,YAAMG,iBAAiB,CAAC5B,qBACpBnF,SACCmF,qBAAqBN,EAAAA,KACtByB,OAAOK,QAAQxB,kBAAAA,EACZa,KAAK,CAAC,CAAC3F,MAAM2G,UAAAA,MAAW;AACvBH,2BAAmBxG,QAAQwG;MAC7B,CAAA,GACEhE,IAAI,CAAC,CAACxC,MAAM4G,SAAAA,MAAeA,SAAAA;AACnC,YAAMC,mBACJ,MAAMC,+BAA+B;QACnChB;QACAY;MACF,CAAA,IACCK;AAEH,aAAO;QACLvC,QAAIwC,aAAAA,IAAAA;QACJC,cAAczC;QACdgC,iBAAiBA,uBAAmBrE,uBAAQqC,EAAAA;QAC5CqC,iBAAiBA,mBAAmBrC;QACpC0C,YAAY;MACd;IACF,CAAA,CAAA;AAIF,QAAId,oBAAoBxG,UAAU,GAAG;AACnCwG,0BAAoB5D,IAAI,CAAC2E,QAAQpB,oBAAoBqB,KAAKD,IAAIF,YAAY,CAAA;IAC5E;AACArD,WAAOE,IAAI,wBAAwBmB,KAAKoC,UAAUjB,mBAAAA,CAAAA,EAAsB;AAExE,WAAOA;EACT;EAEA,MAAc7I,wBAAwBmD,MAAsBX,SAAsD;AAChH,UAAM,EAAE6E,eAAc,IAAKlE;AAE3B,QAAIkE,mBAAmBjF,QAAW;AAChC,aAAOO,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,UAAMkH,QAAqB,IAAIxE,IAC7B8B,eAAe2C,0BAA0BC,SACrChF,IAAI,CAACgF,YAAYA,QAAQC,IAAI,EAC9B9E,OAAO,CAAC8E,UAASA,SAAQ9H,MAAAA,EACzB6C,IAAI,CAACiF,UAASA,KAAAA,KAAmB,CAAA,CAAE;AAExC,UAAMA,OAAOH,MAAMI,OAAO,IAAI9E,MAAMC,KAAKyE,KAAAA,EAAO,CAAA,IAAK3H;AAErD,UAAMgI,gBAAwB,IAAIC,IAAIhD,eAAeiD,MAAM,EAAEC;AAE7D,UAAMnF,SAAwB;MAC5B;QACE2C,YAAY;UACVyC,YAAY;YACVJ;UACF;QACF;MACF;;AAGF,QAAIF,MAAM;AACR9E,aAAOyE,KAAK;QACV/B,SAAS;UACP2C,WAAWP;QACb;MACF,CAAA;AACA9E,aAAOyE,KAAK;QACV/B,SAAS;UACP4C,aAAaR;QACf;MACF,CAAA;IACF;AAEA,UAAMS,UAAwB,MAAMnI,QAAQoI,MAAMC,cAAc;MAC9DzF;IACF,CAAA;AAEA,QAAIuF,QAAQtI,SAAS,GAAG;AACtBgE,aAAOC,QAAQ,+CAA+CqE,QAAQtI,MAAM,KAAKsI,QAAQ1F,IAAI,CAAC6F,WAAUA,OAAMhD,QAAQ4C,WAAW,EAAE9B,KAAK,GAAA,CAAA,EAAM;IAChJ;AACA,UAAMkC,QAAQH,QAAQtI,UAAU,IAAIsI,QAAQ,CAAA,IAAKvI;AAEjDiE,WAAOE,IAAI,oBAAoBuE,KAAAA;AAC/B,WAAOA;EACT;EAEA,MAAc7K,4BAA4BkD,MAA0BX,SAAoE;AACtI,UAAM,EAAEuI,kBAAkBlD,uBAAuBjH,sBAAsBoK,aAAapH,iBAAiBqH,WAAU,IAAK9H;AACpHkD,WAAO6E,MAAM,uBAAuBF,aAAapH,eAAAA;AAEjD,QAAI,CAACiE,uBAAuB;AAC1B,aAAOlF,QAAQC,OAAOC,MAAM,4CAAA,CAAA;IAC9B;AAEA,UAAMuE,SAAS,MAAMzB,+CAAwBC,UAAU;MAAEC,OAAOgC;IAAsB,CAAA;AACtF,UAAMX,uBAAuB,MAAMC,oCAAoC;MACrEC;MACA1G,qBAAqB,KAAKA;MAC1BkG,kBAAkBzD,KAAKqF;IACzB,CAAA;AACA,UAAMnB,iBAAiB,MAAMD,OAAOE,uBAAsB;AAC1D,UAAM6D,eAAe,MAAMC,gBAAgB;MACzChE;MACAF;MACAG;MACA7E;MACA5B,sBAAsB,KAAKyK,2BAA2BzK,sBAAsBqK,UAAAA;MAC5E9J,kCAAkC,KAAKA;MACvCR,qCAAqC,KAAKA;MAC1C,GAAIqK,eAAe;QAAEM,kBAAkBN;MAAY;IACrD,CAAA;AAEA,UAAMrH,iBAAiBwH,aAAalG,IAClC,OAAO+F,iBACL,MAAM,KAAK9K,2BACT;MACE8K,aAAAA;MACAO,KAAKR;MACL3D;MACAxD;IACF,GACApB,OAAAA,CAAAA;AAIN,UAAMgJ,iBAAiB,MAAM7I,QAAQmG,IAAInF,cAAAA;AACzC0C,WAAOE,IAAI,wBAAwBiF,cAAAA;AAEnC,WAAOA;EACT;EAEQH,2BAA2BzK,sBAAiEqK,YAAwB;AAC1H,UAAMQ,0BACJpG,MAAMqG,QAAQ9K,oBAAAA,KAAyBA,qBAAqByB,SAAS,IAAIzB,uBAAuB,KAAKA;AACvG,QAAIqK,eAAe,kBAAkB;AACnC,aAAO;QAACpK,2CAAuB8K;WAAYF;;IAC7C;AACA,WAAOA;EACT;EAEA,MAAcvL,2BAA2BiD,MAAyBX,SAA6D;AAC7H,UAAM,EAAEwI,aAAaO,KAAKnE,QAAQxD,gBAAe,IAAKT;AACtDkD,WAAOoC,KAAK,sBAAsBuC,WAAAA;AAElC,QAAI,CAACA,aAAa;AAChB,aAAOrI,QAAQC,OAAOC,MAAM,wCAAwC,CAAA;IACtE;AAEA,UAAM2H,aAAa,MAAMoB,kBAAkB;MAAEZ;MAAaxI;IAAQ,CAAA;AAClEwI,gBAAYR,aAAaA;AACzBnE,WAAOoC,KAAK,WAAW+B,UAAAA;AACvB,UAAMqB,MAA6D,UAAMC,+CAA0B;MAAEC,KAAKvB,WAAWuB;IAAI,CAAA;AAEzH,UAAMC,UAAMC,kDAA6BzB,UAAAA,IAAcA,WAAWwB,MAAM5J;AAExE,UAAM8J,YAAwC;MAC5CC,cAAcA,aAAa3B,YAAYhI,OAAAA;IACzC;AAEA,QAAI;AAEF,UAAI,CAAC4E,OAAOtC,UAAU;AACpBsC,eAAOtC,eAAWsH,kDAA6B5B,UAAAA,IAAcA,WAAW6B,MAAM7B,WAAWF;MAC3F;AACA,UAAIgC,SAA8ClK;AAClD,UAAImK,MAAM3I,iBAAiB4I,YAAYD,OAAO/B,WAAW+B;AACzD,UAAI3I,iBAAiB4I,YAAY;AAC/B,cAAM1H,WAAWlB,gBAAgB4I,WAAW1H,YAAYsC,OAAOtC,YAAY0F,WAAWF;AACtF,YAAIlD,OAAOqF,OAAM,KAAM3H,UAAUD,WAAW,MAAA,KAAW0H,KAAKG,SAAS,GAAA,GAAM;AACzEH,gBAAMA,IAAII,MAAM,GAAA,EAAK,CAAA;QACvB;AAGA,cAAMH,aAA4C;UAChD,GAAG5I,gBAAgB4I;UACnB1H;UACAyH;;UAEAV,KAAKjI,gBAAgB4I,WAAWX,OAAOA;UACvCe,eAAehJ,gBAAgB4I,WAAWI,iBAAiBV;QAC7D;AACAI,iBAAS;UACPE;QACF;MACF;AAEA,YAAMpF,OAAOyF,mBAAmB;QAC9B/H,UAAUsC,OAAOtC;QACjByG;QACAuB,uBAAuBpF,KAAKC,MAAM,MAAMP,OAAOQ,YAAW,CAAA,EAAImF;QAC9DC,yBAAyBpJ,iBAAiBoJ;QAC1C,GAAIV,UAAU;UAAEA;QAAO;MACzB,CAAA;AAGA,YAAMW,YAAQ/D,2CAAmB8B,WAAAA;AACjC,YAAM/D,KAAyB,QAAQ+D,eAAeA,YAAY/D,KAAM+D,YAAY/D,KAAgB7E;AACpG,YAAM6G,sBAAkBrE,uBAAQoG,YAAYkC,6BAA6BD,SAAShG,EAAAA;AAClF,UAAI,CAACgC,mBAAmBA,gBAAgB5G,WAAW,GAAG;AACpD,eAAOM,QAAQC,OAAOC,MAAM,2CAAA,CAAA;MAC9B;AAEA,YAAMsK,uBAAuB,KAAKC,wBAAwBpC,WAAAA;AAC1D,YAAMqC,qBAAqB,MAAMjG,OAAOkG,mBAAmB;QACzD,GAAIH,wBAAwB;UAAE3K,SAAS2K,qBAAqB,UAAA;QAAY;QACxElE;QACAsE,gBAAgBrB;QAChB/G,QAAQ6F,YAAY7F;;QAEpBqI,yBAAyB;QACzB,GAAIxC,YAAY/D,MAAM,OAAO+D,YAAY/D,OAAO,WAAW;UAAEiG,2BAA2BlC,YAAY/D;QAAG,IAAI7E;QAC3G,GAAI,CAAC4J,OAAO;UAAEO;QAAI;QAClBP;QACAH;QACA4B,SAAKhE,aAAAA,IAAAA;MACP,CAAA;AAEA,YAAMiE,aAAa;QACjBzG,IAAI+D,YAAYkC,6BAA6BjG;QAC7CgG,OAAOA,aAASrI,uBAAQqE,eAAAA;QACxB+B;QACAqC;MACF;AACA,aAAOM,sBAAsB;QAAEC,oBAAoBF;QAAYvO,QAAQ,KAAKA;MAAO,CAAA;IACrF,SAAS0O,OAAO;AACd,aAAOlL,QAAQC,OAAOiL,KAAAA;IACxB;EACF;EAEA,MAAc1N,gCAAgCgD,MAA8BX,SAA6C;AACvH,UAAM,EAAEsL,qBAAqBhG,QAAO,IAAK3E;AAEzC,QAAI,CAAC2E,SAAS;AACZ,aAAOnF,QAAQC,OAAOC,MAAM,4BAAA,CAAA;IAC9B;AAEA,QAAIiL,wBAAwB1L,UAAa0L,oBAAoBzL,WAAW,GAAG;AACzE,aAAOM,QAAQC,OAAOC,MAAM,sCAAA,CAAA;IAC9B;AAEA,QAAIuH,gBAAwB0D,oBAAoB,CAAA,EAAG1D;AACnD,QAAI2D,iBAAiBC,0CAA0BC;AAC/C,QAAI,CAAC7D,cAAc8D,YAAW,EAAGrJ,WAAW,MAAA,GAAS;AACnDkJ,uBAAiBC,0CAA0B3D;AAC3C,UAAID,cAAcvF,WAAW,MAAA,GAAS;AACpCuF,wBAAgB,IAAIC,IAAID,aAAAA,EAAeG;MACzC;IACF;AACA,UAAMvC,WAAiC;MACrCwB,OAAOsE,oBAAoB,CAAA,EAAG1D;MAC9B+D,QAAQC,+BAAeC;MACvBC,OAAO;QAACC,iCAAeC;;MACvBhE,YAAY;QACV/H,MAAMsL;QACN3D;MACF;MACA,GAAI2D,mBAAmBC,0CAA0B3D,OAAO;QACtDnC,YAAY;UACVzF,MAAMgM,+BAAeC;UACrBvG,QAAQ;YACNrD,UAAU;YACV6J,cAAc;YACdC,QAAQ;cAAC;;YACTtE,QAAQ;YACRuE,aAAa;YACbC,sCAAsC;YACtCC,kBAAkB;UACpB;QACF;MACF;IACF;AAEA,UAAMvM,QAAQoI,MAAMoE,KAAK3P,mBAAmBC,0BAA0B;MACpE2P,WAAWnH,QAAQb;MACnBe;IACF,CAAA;AACA3B,WAAOE,IAAI,kBAAkB6D,aAAAA,EAAe;AAE5C,WAAO5H,QAAQoI,MAAMsE,cAAc;MAAED,WAAWnH,QAAQb;MAAIe;IAAS,CAAA;EACvE;EAEA,MAAcxH,+BACZ2C,MACAX,SACoE;AACpE,UAAM,EAAE6E,gBAAgBS,QAAO,IAAK3E;AAGpC,UAAMgM,sBAAsBrH,SAASC,WAClC3C,OAAO,CAAC4C,aAAaA,SAASsG,MAAM5B,SAAS6B,iCAAeC,MAAM,CAAA,EAClEvJ,IAAI,CAAC+C,aAAaA,SAASwC,WAAWJ,aAAa,EAAE,CAAA;AAExD,QAAI+E,qBAAqB;AACvB,YAAMC,WAAW,MAAM5M,QAAQoI,MAAMyE,oBAAoB;QAAEjK,QAAQ;UAAC;YAAE+J;UAAoB;;MAAG,CAAA;AAC7F,UAAIC,SAAS/M,SAAS,GAAG;AACvB,eAAO+M,SAAS,CAAA,EAAGjG;MACrB;IACF;AAGA,QAAI,CAAC9B,gBAAgB;AACnB,aAAO1E,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,WAAOyM,6BAA6B;MAClCrF,SAAS5C,eAAe2C,0BAA0BC,WAAW,CAAA;MAC7DsF,mCAAmClI,eAAe2C;MAClDxH;IACF,CAAA;EACF;EAEA,MAAc/B,iCAAiC0C,MAA+BX,SAAyC;AACrH,UAAM,EAAEgN,gBAAgB1H,QAAO,IAAK3E;AACpC,QAAI,CAACqM,kBAAkBA,eAAenN,WAAW,KAAoCmN,eAAgB,CAAA,EAAGvI,IAAI;AAE1G;IACF;AAEA,QAAI,CAACa,SAAS;AACZ,aAAOnF,QAAQC,OAAOC,MAAM,4BAAA,CAAA;IAC9B;AAEA,UAAMsM,sBAAsBrH,SAASC,WAClC3C,OAAO,CAAC4C,aAAaA,SAASsG,MAAM5B,SAAS6B,iCAAeC,MAAM,CAAA,EAClEvJ,IAAI,CAAC+C,aAAaA,SAASwC,WAAWJ,aAAa,EAAE,CAAA;AAGxD,UAAMgF,WAAW,MAAM5M,QAAQoI,MAAMyE,oBAAoB;MAAEjK,QAAQ;QAAC;UAAE+J;QAAoB;;IAAG,CAAA;AAC7F,QAAIC,SAAS/M,SAAS,GAAG;AACvB;IACF;AAEA,UAAMG,QAAQoI,MAAM6E,oBAAoB;MACtCtG,gBAAgBqG;MAChBL;IACF,CAAA;EACF;EAEA,MAAc/O,oCAAoC+C,MAAkCX,SAAyD;AAC3I,UAAM,EAAEsL,qBAAqB9C,YAAW,IAAK7H;AAE7C,WAAO,MAAMR,QAAQmG,IACnBgF,oBAAoB7I,IAAI,CAAC2I,uBACvB8B,yBAAyB;MACvBC,kBAAkB/B;MAClB5L,8BAA8B,KAAKA;MACnC7C,QAAQ,KAAKA;MACbyQ,kBAAkB5E,aAAa4E;MAC/BpN;IACF,CAAA,CAAA,CAAA;EAGN;EAEA,MAAcnC,qCAAqC8C,MAAmCX,SAAyC;AAC7H,UAAM,EAAE+E,oBAAoBF,gBAAgBmB,qBAAqBsF,oBAAmB,IAAK3K;AAEzF,QAAIkE,mBAAmBjF,QAAW;AAChC,aAAOO,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B,WAAW2F,oBAAoBnG,WAAW,GAAG;AAC3CgE,aAAOC,QAAQ,uCAAuCe,eAAeiD,MAAM,EAAE;AAC7E;IACF;AAEA,QAAIuF,UAAU;AACd,eAAWnG,gBAAgBlB,qBAAqB;AAE9C,YAAMsH,WAAWpG;AACjB,YAAMuD,QACJa,oBACG1F,KAAK,CAAC2H,OAAOA,GAAG3F,kBAAkB0F,YAAYC,GAAGnC,mBAAmB3G,OAAO6I,YAAYC,GAAG9C,MAAMP,SAASoD,QAAAA,CAAAA,GACxG7C,OAAO7H,OAAO,CAAC3C,SAASA,QAAQ,sBAAA,KAA2B,CAAA;AAEjE,YAAM0G,iBAAwD5B,qBAAqBuI,QAAAA,KAAa,CAAA;AAChG,UAAI3G,eAAe9G,WAAW,GAAG;AAC/B,mBAAWI,QAAQwK,OAAO;AACxB,gBAAMmC,WAAW7H,qBAAqB9E,IAAAA,KAAS,CAAA;AAC/C,cAAI2M,SAAS/M,SAAS,GAAG;AACvB8G,2BAAeU,KAAI,GAAIuF,QAAAA;UACzB;QACF;MACF;AAEA,UAAIjG,kBAAkBA,eAAe9G,SAAS,GAAG;AAC/C,cAAMqL,aAAaI,oBAAoB1F,KACrC,CAAC4H,eACCA,WAAWpC,mBAAmB3G,OAAOyC,gBACrChC,KAAKoC,UAAUkG,WAAW/C,KAAK,MAAMvD,gBACrChC,KAAKoC,UAAUkG,WAAW/C,MAAM7H,OAAO,CAAC6K,SAASA,SAAS,sBAAA,CAAA,MAA6BvI,KAAKoC,UAAUmD,KAAAA,KACtGa,oBAAoB+B,OAAAA,CAAQ;AAEhCA;AACA,cAAMrN,QAAQoI,MAAMsF,wBAAwB;UAC1CC,YAAQC,gCAAiB1C,WAAW2C,uBAAuB;UAC3DlB,qBAAqB,IAAI9E,IAAIhD,eAAeiD,MAAM,EAAEC;UACpDpB;QACF,CAAA;AACA9C,eAAOE,IACL,kCAAkCc,eAAeiD,MAAM,aAAaZ,YAAAA,wBAAoCP,eAAelE,IAAI,CAACqL,MAAMA,EAAE/H,MAAM,EAAEK,KAAK,GAAA,CAAA,EAAM;MAE3J,OAAO;AACLvC,eAAOC,QAAQ,4CAA4Ce,eAAeiD,MAAM,aAAaZ,YAAAA,EAAc;MAC7G;IACF;EACF;EAEA,MAAcpJ,8BAA8B6C,MAA4BX,SAAyC;AAC/G,aAAS+N,QAAQC,OAAc;AAC7B,YAAMC,OAAOD,OAAOC,KAAAA;AACpB,UAAIA,SAAS,IAAI;AACf,eAAOrO;MACT;AACA,aAAOqO;IACT;AANSF;AAQT,UAAM,EAAEzC,qBAAqBjG,uBAAuBX,sBAAsBG,gBAAgBmB,oBAAmB,IAAKrF;AAClH,UAAMuN,2BAA2B5C,oBAAoB,CAAA;AAErD,QAAItF,uBAAuBA,oBAAoBnG,SAAS,GAAG;AACzDgE,aAAOwH,MAAM,mCAAmCrF,oBAAoBI,KAAK,IAAA,CAAA,iDAAsD;IACjI;AAGA,UAAMoC,cAAc7H,KAAK6H,eAAe0F,yBAAyB9C,mBAAmB5C;AACpF,QAAI,CAACA,eAAe,CAACA,YAAYR,YAAY;AAC3C,aAAO7H,QAAQC,OAAOC,MAAM,mEAAA,CAAA;IAC9B;AACA,UAAM,EAAE8N,WAAWC,OAAM,IAAK5F,YAAYR;AAE1C,QAAIqG,UAAU;AACd,UAAMC,uBAAuBJ,yBAAyBK;AAEtD,UAAMC,iBAAiBN,yBAAyB9C,mBAAmBP,mBAAmB4D;AACtF,UAAMC,kBAAkBR,yBAAyBS;AACjD,UAAMC,uBAAuB/J,gBAAgB2C,0BAA0BqH;AACvE,QAAIC,mBAKYlP;AAChB,QAAI,CAACgP,sBAAsB;AACzB/K,aAAOE,IAAI,yCAAyCc,gBAAgBiD,MAAAA,mCAAyC;IAC/G,WAAW8G,wBAAwB,CAACJ,gBAAgB;AAClD3K,aAAOC,QACL,iEAAiE8K,oBAAAA,YAAgCJ,cAAAA,qDAAmE3J,gBAAgBiD,MAAAA,EAAQ;IAEhM,WAAW8G,wBAAwBJ,gBAAgB;AACjD3K,aAAOE,IAAI,mBAAmByK,cAAAA,4CAA0DI,oBAAAA,EAAsB;AAC9G,UAAI7O,QAAQ;AACZ,UAAI8C,MAAMqG,QAAQwF,iBAAiBK,6BAAAA,GAAgC;AAEjEhP,gBAAQ2O,gBAAgBK,8BAA8B7E,SAAS,mCAAA,IAC3D,sCACA;AACJrG,eAAOE,IAAI,qDAAqDhE,KAAAA;AAEhE,cAAMiP,WAAWC,8BAA8Bf,yBAAyB9C,mBAAmBP,kBAAkB;AAC7G,cAAMqE,kBAAkBC,mCAAiBC,8BAA8BJ,UAAU;UAAErS,QAAQ,KAAKA,UAAUgD;QAAc,CAAA;AACxH0P,gBAAQtL,IAAI,eAAemL,gBAAgBjP,IAAI,KAAKiP,gBAAgBvM,MAAM,EAAE;AAG5E,YAAImF;AAEJ,YAAIqH,mCAAiBG,mCAAmCJ,eAAAA,GAAkB;AACxEpH,mBAASiG,QAAQmB,gBAAgBK,SAASC,GAAAA;QAC5C,WAAWL,mCAAiBM,iCAAiCP,eAAAA,GAAkB;AAC7EpH,mBACEiG,QAAQmB,gBAAgBhE,YAAYsE,GAAAA;UAEpCzB,QAAQmB,gBAAgBhE,YAAYwE,mBAAmBjL,EAAAA,KACvDsJ,QAAQ,KAAK4B,2BAA2BT,eAAAA,CAAAA;QAC5C,WAAWC,mCAAiBS,wBAAwBV,eAAAA,GAAkB;AACpE,iBAAO/O,QAAQC,OAAOC,MAAM,wBAAA,CAAA;QAC9B;AAEA,YAAI,CAACyH,QAAQ;AACXA,mBAASiG,QAAQO,qBAAqBoB,mBAAmBjL,EAAAA;QAC3D;AACA,YAAI,CAACqD,UAAUzC,uBAAuB0E,KAAK1H,WAAW,MAAA,GAAS;AAC7DyF,uBAAS+H,4BAASxK,uBAAuB0E,GAAAA,EAAKF;QAChD;AACA,YAAI,CAAC/B,UAAUzC,uBAAuBmE,KAAKO,KAAK1H,WAAW,MAAA,GAAS;AAClEyF,uBAAS+H,4BAASxK,sBAAuBmE,IAAKO,GAAG,EAAGF;QACtD;AACA,YAAI,CAAC/B,UAAUzC,uBAAuB/C,UAAU;AAC9CwF,mBAASiG,QAAQ1I,sBAAsB/C,QAAQ;QACjD;AACA,YAAI,CAACwF,UAAUzC,uBAAuByK,qBAAqB;AACzD,gBAAMC,iBAAaC,0BAAU3K,sBAAsByK,oBAAoBG,YAAY;AACnFnI,mBAASiI,WAAWG,QAAQV;QAC9B;AACA,YAAI,CAAC1H,UAAUoG,yBAAyB9C,mBAAmB5C,YAAYR,YAAY;AACjF,gBAAMmI,aAAa,MAAMnQ,QAAQoI,MAAMgI,qBAAqBlC,yBAAyB9C,mBAAmB5C,YAAYR,UAAU;AAC9HF,mBAASqI,WAAWrI;QACtB;AAEA,YAAI,CAACA,QAAQ;AACX,gBAAMzH,MAAM,8EAA8E;QAC5F;AACAwD,eAAOE,IAAI,8CAA8C+D,MAAAA,EAAQ;AAEjE,cAAMuI,yBAAyBnB,gBAAgBK;AAC/C,YAAIe,cAAqC;AACzC,YAAIpB,gBAAgBvM,OAAOuH,SAAS,KAAA,KAAU,CAACgF,gBAAgBvM,OAAOuH,SAAS,UAAA,GAAa;AAC1FmG,iCAAuBE,MAAMzI;AAC7BwI,wBAAc;QAChB;AACA,YAAI,YAAYD,0BAA0B,EAAE,SAASA,yBAAyB;AAC5EA,iCAAuBvI,SAASA;QAClC;AACA,YAAI,SAASuI,wBAAwB;AACnCA,iCAAuBb,MAAM1H;QAC/B;AACA,YAAI,uBAAuBuI,0BAA0B,CAACxN,MAAMqG,QAAQmH,uBAAuBX,iBAAiB,GAAG;AAC7GW,iCAAuBX,kBAAkBjL,KAAKqD;QAChD;AACA,YAAI,QAAQuI,wBAAwB;AAClC,cAAIA,uBAAuBG,GAAGd,mBAAmB;AAC/CW,mCAAuBG,GAAGd,kBAAkBjL,KAAKqD;UACnD;AACAuI,iCAAuBG,GAAG1I,SAASA;AACnC,iBAAOuI,uBAAuBG,GAAGC;AACjC,iBAAOJ,uBAAuBG,GAAGE;QACnC;AACA,eAAOL,uBAAuBI;AAC9B,eAAOJ,uBAAuBK;AAC9B,eAAOL,uBAAuBM;AAE9B9M,eAAOE,IAAI,yDAAyDuM,WAAAA,KAAgBD,sBAAAA;AACpF,cAAMO,WAAW,MAAM5Q,QAAQoI,MAAMyI,2BAA2B;UAC9D3F,YAAa,QAAQmF,yBAAyBA,uBAAuBG,KAAKH;UAC1ES,qBAAqB;UACrBC,MAAM;UACNT;QACF,CAAA;AACA,YAAI,CAACM,UAAU;AACb,gBAAMvQ,MAAM,mDAAmD;QACjE;AACAwD,eAAOE,IAAI,UAAU6M,SAAS9I,MAAM,kCAAkC8I,SAASnM,EAAE,IAAImM,QAAAA;AACrF9B,2BAAmBK,mCAAiB6B,iCAAiCJ,QAAAA;AACrEvC,kBAAUtO,UAAU;MACtB;AAEA,YAAMkR,sBAA2C;QAC/CxC,iBAAiBD;QACjB,GAAIM,oBAAoB;UAAE5D,YAAY4D;QAAiB;QACvD/O;MACF;AAEA,YAAM,KAAKhC,8BACT;QACEsH;QACA6L,QAAQ7C;QACR/C;QACA5G;QACAuM;QACApM;MACF,GACA7E,OAAAA;IAEJ;AACA,UAAMmR,oBAAoBrC,mBACtBK,mCAAiB6B,iCAAiClC,gBAAAA,IAClDZ,yBAAyBL;AAC7B,QAAI,CAACQ,WAAWS,kBAAkB;AAChCjL,aAAOE,IAAI,mGAAmG;IAChH,OAAO;AACLF,aAAOE,IAAI,yBAAyBoN,iBAAAA;AAEpC,YAAMrJ,SAASqH,mCAAiBiC,kCAAkC9C,qBAAqBxG,MAAM;AAC7F,YAAM,CAACuJ,wBAAwBC,oBAAAA,IAAwB,KAAKC,4BAA4B/I,YAAYR,YAAYF,MAAAA;AAEhH,YAAM0J,sBAAsB,MAAMxR,QAAQoI,MAAMqJ,iBAAiB;QAC/DvG,YAAY;UACVwG,iBAAaC,mCAAkBR,iBAAAA;UAC/BhD;UACAyD,kBAAkBxD;UAClByD,gBAAgB9F,iCAAe+F;UAC/BC,uBAAuBjK,QAAQzF,WAAW,MAAA,IAAU2P,0CAA0BvG,MAAMuG,0CAA0BnK;UAC9G8E,qBAAqB7E;UACrBuJ;UACAC;QACF;MACF,CAAA;AACA,YAAMtR,QAAQoI,MAAMoE,KAAK3P,mBAAmBE,mBAAmB;QAC7DmO,YAAYsG;QACZ7D,QAAQ6D,oBAAoBS;MAC9B,CAAA;IACF;EACF;EAEA,MAAclU,8BAA8B4C,MAA4BX,SAAyC;AAC/G,UAAM,EAAE6E,gBAAgBoM,qBAAqB5L,sBAAqB,IAAK1E;AACvE,UAAMiO,uBAAuB/J,gBAAgB2C,0BAA0BqH;AACvE,QAAI,CAACD,sBAAsB;AACzB;IACF,WAAW,CAACvJ,uBAAuB;AACjC,aAAOlF,QAAQC,OAAOC,MAAM,4CAAA,CAAA;IAC9B,WAAW,CAAC4Q,qBAAqB;AAC/B,aAAO9Q,QAAQC,OAAOC,MAAM,8BAAA,CAAA;IAC9B;AAEAwD,WAAOE,IAAI,6BAA6B6K,oBAAAA,IAAwBqC,mBAAAA;AAEhE,UAAMrM,SAAS,MAAMsN,wCAAiB9O,UAAU;MAAEC,OAAOgC;IAAsB,CAAA;AAC/E,UAAMT,OAAOjD,iBAAiB;MAAEiN;IAAqB,GAAGqC,qBAAqB5L,uBAAuByK,qBAAqBG,YAAAA;AACzHpM,WAAOE,IAAI,mBAAmB6K,oBAAAA,sBAA0C;EAC1E;EAEA,MAAchN,mBAAmBjB,MAA8BX,SAAkD;AAC/G,UAAM,EAAEiC,aAAa4C,gBAAgBsN,aAAY,IAAKxR;AAEtD,QAAIwR,aAAatS,WAAW,GAAG;AAC7B,aAAOM,QAAQC,OAAOC,MAAM,wBAAA,CAAA;IAC9B;AAEA,QAAI,CAAC4B,aAAaC,KAAK;AACrB,aAAO/B,QAAQC,OAAOC,MAAM,gCAAA,CAAA;IAC9B;AAEA,QAAI,CAACwE,gBAAgB;AACnB,aAAO1E,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,UAAM+R,MAAM,IAAIvK,IAAI5F,aAAaC,GAAAA;AACjC,UAAMmQ,SAAS,IAAIC,gBAAgBF,IAAIG,MAAM;AAC7C,UAAMC,mBAAmBH,OAAOI,IAAI,mBAAA;AACpC,UAAMC,mBAAmBF,oBAAoB3N,eAAeiD;AAC5D,QAAI4K,iBAAiBrQ,WAAW,SAAA,GAAY;AAC1CgN,cAAQsD,KAAK,4EAA4EP,IAAIQ,SAAQ,CAAA,GAAK;AAE1G,aAAO,CAAA;IACT;AAEA,UAAMC,SAAS,MAAM7S,QAAQoI,MAAM0K,wCAAwC;MACzE1E,QAAQ;MACR+D;MACAnK,YAAY0K;IACd,CAAA;AAEA,WAAOG,OAAOE;EAChB;EAEA,MAAc3V,+BAA+BuD,MAA6BX,SAA2D;AACnI,UAAM,EAAE8H,QAAQkL,kBAAkB,KAAI,IAAKrS;AAC3C,WAAOsS,sCAAeC,oBAAoBpL,QAAQ;MAAEkL;IAAgB,CAAA;EACtE;EAEQzB,4BAA4BvJ,YAA2CF,QAAqD;AAClI,YAAQE,WAAWoG,QAAM;MACvB,KAAK;AACH,gBAAI+E,+CAA0BnL,UAAAA,SAAe4B,kDAA6B5B,UAAAA,GAAa;AACrF,iBAAO;YAACgK,0CAA0BvG;YAAKzD,WAAW6B;;QACpD,eAAWuJ,gDAA2BpL,UAAAA,GAAa;AACjD,iBAAO;YAACgK,0CAA0BvG;YAAK,OAAOzD,WAAWA,eAAe,WAAWA,WAAWA,aAAaA,WAAWA,WAAW6B;;QACnI;AACA;MACF,KAAK;AACH,gBAAIsJ,+CAA0BnL,UAAAA,SAAeqL,kDAA6BrL,UAAAA,GAAa;AACrF,iBAAO;YAACgK,0CAA0BsB;YAAKtL,WAAW+B;;QACpD,eAAWqJ,gDAA2BpL,UAAAA,GAAa;AACjD,iBAAO;YAACgK,0CAA0BsB;YAAKtL,WAAWA;;QACpD;AACA;MACF,KAAK;AACH,gBAAImL,+CAA0BnL,UAAAA,SAAeuL,kDAA6BvL,UAAAA,GAAa;AACrF,iBAAO;YAACgK,0CAA0BwB;YAAUxL,WAAWyL,IAAIrN,KAAK,MAAA;;QAClE,eAAWsN,gDAA2B1L,UAAAA,GAAa;AACjD,iBAAO;YAACgK,0CAA0BwB;YAAUxL,WAAWA,WAAW5B,KAAK,MAAA;;QACzE;AACA;IACJ;AACA,WAAO;MAAC4L,0CAA0BnK;MAAKC;;EACzC;EAEQ6H,2BAA2BT,iBAAqE;AACtG,QAAIrM,MAAMqG,QAAQgG,gBAAgBhE,YAAYwE,iBAAAA,GAAoB;AAChE,UAAIR,gBAAgBhE,YAAYwE,kBAAkB7P,SAAS,GAAG;AAC5D,eAAOqP,gBAAgBhE,YAAYwE,kBAAkB,CAAA,EAAGjL;MAC1D;IACF,OAAO;AACL,aAAOyK,gBAAgBhE,YAAYwE,mBAAmBjL;IACxD;AACA,WAAO7E;EACT;EAEQgL,wBAAwBpC,aAAuF;AACrH,QAAIA,YAAY7F,UAAU,YAAY6F,YAAY7F,UAAU,kBAAkB;AAC5E,aAAQ6F,YAA2EmL;IACrF;AACA,WAAO/T;EACT;AACF;;;AS1sCA,IAAAgU,oBAA6C;AAG7C,IAAMC,UAASC,0BAAQC,QAAQC,QAAQ,2BAA2B;EAAEC,iBAAiBC,2BAASC;EAAOC,SAAS;IAACC,4BAAUC;;AAAS,CAAA,EAAGC,IACnI,yBAAA;AAGK,IAAMC,+BAA+B,wBAC1CC,cAAAA;AAEA,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,QAAIA,MAAMC,OAAOC,SAAS,YAAY;AACpChB,MAAAA,QAAOiB,MAAM,8CAAA;AAGb;IACF;AACAjB,IAAAA,QAAOkB,KAAK,6BAA6BC,KAAKC,UAAUN,MAAMO,KAAK,CAAA,EAAG;AAEtE,QAAI,CAACT,aAAaA,UAAUU,SAAS,GAAG;AACtCtB,MAAAA,QAAOkB,KAAK,0CAA0CC,KAAKC,UAAUN,MAAMO,KAAK,CAAA,EAAG;AACnF;IACF;AAEA,eAAW,CAACE,UAAUC,QAAAA,KAAaZ,WAAW;AAC5C,UAAIE,MAAMW,QAAQF,QAAAA,GAAW;AAC3BvB,QAAAA,QAAO0B,IAAI,iCAAiCP,KAAKC,UAAUN,MAAMO,KAAK,CAAA,mBAAoB;AAC1F,cAAMG,SAASX,gBAAgBC,KAAAA,EAC5Ba,KAAK,MAAM3B,QAAO0B,IAAI,sCAAsCP,KAAKC,UAAUN,MAAMO,KAAK,CAAA,EAAG,CAAA,EACzFO,MAAM,CAACC,UAAAA;AACN7B,UAAAA,QAAO6B,MACL,wCAAwCV,KAAKC,UAAUN,MAAMO,KAAK,CAAA,YAAaF,KAAKC,UAAUS,OAAOC,OAAAA,CAAAA,KAAaX,KAAKC,UAAUN,MAAMiB,KAAK,CAAA,EAAG;AAEjJ,cAAIF,MAAMG,OAAO;AACfhC,YAAAA,QAAO6B,MAAMA,MAAMG,KAAK;UAC1B;QACF,CAAA;AACF;MACF;IACF;EACF;AACF,GAlC4C;;;ACP5C,IAAAC,yBAAsC;AACtC,IAAAC,yBAA+G;AAC/G,IAAAC,kBAA0D;AAC1D,IAAAA,kBAAsF;AAQ/E,IAAMC,2BAAN,cAAuCC,mCAAAA;EAX9C,OAW8CA;;;EAC3BC;EACAC;EACAC;EACAC;EACAC;EACAC;EACAC;EACAC;EAEjB,YACEC,MASA;AACA,UAAM;MAAE,GAAGA;MAAMC,IAAI;IAAgB,CAAA;AACrC,SAAKJ,2BAA2BG,KAAKH;AACrC,SAAKC,aAAaE,KAAKF;AACvB,SAAKN,UAAUQ,KAAKR;AACpB,SAAKI,aAAaI,KAAKJ,cAAc;AACrC,SAAKD,4BAA4BK,KAAKL,8BAA8B;AACpE,SAAKF,0BAA0BO,KAAKP;AACpC,SAAKC,oCAAoCM,KAAKN;AAC9C,SAAKK,eAAeC,KAAKD;EAC3B;EAEA,MAAMG,OACJC,KACAC,MAOe;AACf,UAAMC,MAAM,IAAIC,IAAIH,GAAAA,EAAKI,SAAQ;AACjC,UAAMC,gBAAYC,+CAAuBJ,GAAAA;AACzC,UAAMK,UAAU,UAAUF,aAAa,CAAC,CAACA,UAAUG,QAAQ,EAAE,YAAYH;AACzE,UAAMG,OAAOD,UAAWF,UAAUG,OAAkBC;AACpD,UAAMd,aAAa;MAAE,GAAG,KAAKA;MAAY,GAAGM,MAAMN;IAAW;AAC7D,UAAMe,iBAAiB,MAAM,KAAKrB,QAAQsB,MAAMC,mCAAmC;MACjFC,aAAa;;QAEX,GAAI,CAACN,WAAW;UAAEO,iBAAiB,MAAMC,6CAAsBC,QAAQd,GAAAA;QAAK;QAC5E,GAAIK,WAAW;UAAEC;QAAW;QAC5BS,+BAA+BhB,MAAMgB;QACrCC,UAAUjB,MAAMiB;QAChBhB;MACF;MACAN,cAAc,KAAKA;MACnBF,0BAA0B;QAAE,GAAG,KAAKA;QAA0B,GAAGO,MAAMP;MAAyB;MAChG,IAAKC,WAAWwB,YAAYxB,WAAWyB,wBAAwB;QAAEzB;MAAwD;MACzHL,yBAAyB,KAAKA;MAC9BC,mCAAmC,KAAKA;MACxCE,YAAY,KAAKA;IACnB,CAAA;AAEA,UAAM4B,cAAcX,eAAeW;AAEnC,QAAI,CAACpB,MAAMqB,gBAAgB,KAAKjC,QAAQsB,MAAMY,iBAAgB,EAAGC,SAAS,yBAAA,GAA4B;AACpG,YAAMC,YAAYlB,UAAU,aAAa;AACzC,gBAAMmB,0CAAyB;QAC7BD;QACAJ;QACAhC,SAAS,KAAKA;QACdsC,0BAA0B;QAC1BC,qBAAqB;QACrBC,gBAAgB;QAChBC,gBAAgB,KAAKtC;MACvB,CAAA;IACF,OAAO;AAEL6B,kBAAYU,MAAM9B,MAAMqB,YAAAA;IAC1B;AAEA,QAAIf,SAAS;AACXc,kBAAYW,KAAKC,qBAAqBC,qCAAqC;QAAEC,MAAMjC;MAAI,CAAA;IACzF;EACF;AACF;","names":["module","module","import_oid4vci_client","import_oid4vci_common","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_types","import_utils","import_uuid","OID4VCIHolderEvent","SupportedLanguage","OID4VCIMachineStates","OID4VCIMachineAddContactStates","OID4VCIMachineVerifyPinStates","OID4VCIMachineEvents","OID4VCIMachineGuards","OID4VCIMachineServices","RequestType","IdentifierAliasEnum","Localization","translationGetters","SupportedLanguage","ENGLISH","require","DUTCH","translate","memoize","key","config","Object","keys","i18n","translations","length","locale","findSupportedLanguage","t","JSON","stringify","language","values","undefined","getLocale","FirstPartyMachineStateTypes","FirstPartyMachineServices","FirstPartyMachineEvents","oid4vciHasNoContactGuard","_ctx","_event","contact","undefined","oid4vciHasContactGuard","oid4vciContactHasLowTrustGuard","trustedAnchors","length","oid4vciCredentialsToSelectRequiredGuard","credentialToSelectFrom","oid4vciRequirePinGuard","requestData","credentialOffer","userPinRequired","oid4vciHasNoContactIdentityGuard","credentialsToAccept","toAcceptId","correlationId","match","URL","hostname","identities","some","identity","identifier","oid4vciVerificationCodeGuard","verificationCode","oid4vciCreateContactGuard","contactAlias","hasContactConsent","oid4vciHasSelectedCredentialsGuard","selectedCredentials","oid4vciIsOIDFOriginGuard","trustAnchors","oid4vciNoAuthorizationGuard","ctx","oid4vciHasAuthorizationResponse","oid4vciRequireAuthorizationGuard","openID4VCIClientState","Error","authorizationURL","authorizationRequestOpts","authorizationCodeResponse","supportedFlows","includes","AuthzFlowType","AUTHORIZATION_CODE_FLOW","PRE_AUTHORIZED_CODE_FLOW","endpointMetadata","credentialIssuerMetadata","authorization_endpoint","oid4vciIsFirstPartyApplication","serverMetadata","authorization_challenge_endpoint","createOID4VCIMachine","opts","initialContext","accessTokenOpts","walletType","issuanceOpt","didMethodPreferences","locale","credentialsSupported","createMachine","id","machineName","predictableActionArguments","initial","OID4VCIMachineStates","start","schema","events","guards","services","context","states","invoke","src","OID4VCIMachineServices","onDone","target","createCredentialsToSelectFrom","actions","assign","credentialBranding","data","oid4vciClientState","onError","handleError","error","title","translate","message","stack","getContact","getIssuerBranding","getFederationTrust","cond","OID4VCIMachineGuards","isOIDFOriginGuard","issuerBranding","transitionFromSetup","always","addContact","hasNoContactGuard","reviewContact","contactHasLowTrustGuard","selectCredentials","credentialsToSelectRequiredGuard","startFirstPartApplicationFlow","isFirstPartyApplication","prepareAuthorizationRequest","requireAuthorizationGuard","verifyPin","requirePinGuard","getCredentials","on","OID4VCIMachineEvents","SET_AUTHORIZATION_CODE_URL","authorizationCodeURL","OID4VCIMachineAddContactStates","idle","SET_CONTACT_CONSENT","SET_CONTACT_ALIAS","CREATE_CONTACT","next","createContactGuard","DECLINE","declined","PREVIOUS","aborted","storeIssuerBranding","hasContactGuard","NEXT","transitionFromContactSetup","FirstPartyMachineStateTypes","toAuthorizationResponsePayload","SET_SELECTED_CREDENTIALS","transitionFromSelectingCredentials","hasSelectedCredentialsGuard","initiateAuthorizationRequest","INVOKED_AUTHORIZATION_CODE_REQUEST","waitForAuthorizationResponse","PROVIDE_AUTHORIZATION_CODE_RESPONSE","hasAuthorizationResponse","OID4VCIMachineVerifyPinStates","SET_VERIFICATION_CODE","verificationCodeGuard","verifyCredentials","exit","assertValidCredentials","transitionFromWalletInput","addContactIdentity","hasNoContactIdentityGuard","reviewCredentials","addIssuerBrandingAfterIdentity","push","storeCredentialBranding","storeCredentials","done","type","OID4VCIMachine","newInstance","interpreter","interpret","withConfig","subscription","onTransition","requireCustomNavigationHook","stateNavigationListener","snapshot","import_oid4vci_client","import_oid4vci_common","import_ssi_sdk_ext","import_xstate","import_oid4vci_common","sendAuthorizationChallengeRequest","args","openID4VCIClientState","authSession","presentationDuringIssuanceSession","oid4vciClient","OpenID4VCIClient","fromState","state","acquireAuthorizationChallengeCode","clientId","uuidv4","credentialOffer","preAuthorizedCode","issuerState","createConfig","context","presentationUri","Promise","reject","Error","agent","siopCreateConfig","url","getSiopRequest","didAuthConfig","undefined","siopGetSiopRequest","sendAuthorizationResponse","authorizationRequestData","selectedCredentials","responseData","siopSendResponse","isFirstParty","body","presentation_during_issuance_session","firstPartyMachineStates","FirstPartyMachineStateTypes","sendAuthorizationChallengeRequest","id","invoke","src","FirstPartyMachineServices","onDone","target","done","actions","assign","authorizationCodeResponse","_ctx","_event","data","onError","createConfig","cond","error","AuthorizationChallengeError","insufficient_authorization","authSession","auth_session","presentationUri","presentation","title","translate","message","stack","getSiopRequest","didAuthConfig","selectCredentials","authorizationRequestData","on","FirstPartyMachineEvents","SET_SELECTED_CREDENTIALS","selectedCredentials","NEXT","sendAuthorizationResponse","DECLINE","declined","PREVIOUS","aborted","presentationDuringIssuanceSession","type","createFirstPartyActivationMachine","opts","initialContext","openID4VCIClientState","contact","createMachine","machineId","predictableActionArguments","initial","context","states","schema","events","services","FirstPartyMachine","_instance","hasInstance","undefined","instance","Error","clearInstance","stop","stopInstance","newInstance","agentContext","args","newInst","interpret","withConfig","guards","subscription","onTransition","requireCustomNavigationHook","snapshot","stateNavigationListener","getInstance","requireExisting","oid4vciGetCredentialBrandingFrom","args","credentialDisplay","issuerCredentialSubject","oid4vciCombineDisplayLocalesFrom","issuerCredentialSubjectLocales","oid4vciIssuerCredentialSubjectLocalesFrom","credentialDisplayLocales","oid4vciCredentialDisplayLocalesFrom","reduce","localeDisplays","display","localeKey","locale","set","Map","localeClaims","processClaimObject","claim","parentKey","Object","entries","forEach","key","value","Array","isArray","name","has","get","push","oid4vciCredentialLocaleBrandingFrom","alias","logo","url","uri","alt_text","alt","description","text_color","text","color","background_image","background_color","background","image","locales","from","Set","keys","Promise","all","map","claims","length","sdJwtGetCredentialBrandingFrom","claimsMetadata","sdJwtCombineDisplayLocalesFrom","sdJwtCredentialClaimLocalesFrom","sdJwtCredentialDisplayLocalesFrom","lang","label","path","String","join","sdJwtCredentialLocaleBrandingFrom","rendering","simple","issuerLocaleBrandingFrom","issuerDisplay","dynamicRegistrationClientMetadata","client_name","logo_uri","client_uri","clientUri","tos_uri","tosUri","policy_uri","policyUri","contacts","getCredentialBranding","args","credentialsSupported","context","credentialBranding","Promise","all","Object","entries","map","configId","credentialsConfigSupported","sdJwtTypeMetadata","format","vct","startsWith","agent","fetchSdJwtTypeMetadataFromVctUrl","mappedLocaleBranding","sdJwtGetCredentialBrandingFrom","credentialDisplay","display","claimsMetadata","claims","oid4vciGetCredentialBrandingFrom","issuerCredentialSubject","undefined","credentialSubject","localeBranding","ibCredentialLocaleBrandingFrom","defaultCredentialType","configSupportedTypes","getTypesFromCredentialSupported","credentialTypes","length","asArray","filteredCredentialTypes","filter","type","getBasicIssuerLocaleBranding","dynamicRegistrationClientMetadata","issuerDisplay","branding","issuerLocaleBrandingFrom","ibIssuerLocaleBrandingFrom","getCredentialConfigsBasedOnFormatPref","vcFormatPreferences","credentials","prefConfigs","forEach","key","config","result","pref","toLowerCase","includes","selectCredentialLocaleBranding","locale","find","verifyCredentialToAccept","mappedCredential","hasher","onVerifyEBSICredentialIssuer","schemaValidation","credential","extractCredentialFromResponse","credentialToAccept","credentialResponse","wrappedVC","CredentialMapper","toWrappedVerifiableCredential","defaultHasher","decoded","iss","vc","issuer","existingInstanceId","cvVerifySchema","validationPolicy","JSON","stringify","source","error","subResults","wrappedVc","e","message","verificationResult","cvVerifyCredential","fetchRemoteContexts","policies","credentialStatus","expirationDate","issuanceDate","reject","Error","translate","mapCredentialToAccept","verifiableCredential","wrappedVerifiableCredential","uniformVerifiableCredential","isSdJwtDecodedCredential","sdJwtDecodedCredentialToUniformCredential","isSdJwtEncoded","asyncHasher","data","algorithm","resolve","decodedSdJwt","decodeSdJwtVcAsync","isMsoMdocDecodedCredential","mdocDecodedCredentialToUniformCredential","correlationId","decodedPayload","id","types","rawVerifiableCredential","credential_subject_issuance","Array","isArray","getIdentifierOpts","issuanceOpt","identifier","identifierArg","isManagedIdentifierResult","supportedPreferredDidMethod","supportedBindingMethods","keyType","kms","keyManagerGetDefaultKeyManagementSystem","isIIdentifier","identifierManagedGet","method","managedIdentifierToJwk","join","agentContext","created","getOrCreatePrimaryIdentifier","createOpts","options","use","KeyUse","Signature","codecName","identifierManagedGetByDid","offlineWhenNoDIDRegistered","did","emit","OID4VCIHolderEvent","IDENTIFIER_CREATED","keyManagerCreate","meta","keyAlias","Date","now","kmsKeyRef","kid","getCredentialConfigsSupportedMerged","getCredentialConfigsSupported","supported","configurationIds","getCredentialConfigsSupportedBySingleTypeOrId","configurationId","configs","keys","client","createIdFromTypes","getTypesFromObject","allSupported","getCredentialsSupported","fromEntries","credentialOffer","offerSupported","getSupportedCredentials","version","issuerMetadata","endpointMetadata","credentialIssuerMetadata","credentialConfigsSupported","LOG","warning","getIssuer","credential_offer","credentialsToOffer","credential_configuration_ids","getIssuanceOpts","didMethodPreferences","jwtCryptographicSuitePreferences","jsonldCryptographicSuitePreferences","forceIssuanceOpt","values","credentialSupported","cryptographicSuite","getIssuanceCryptoSuite","didMethod","methods","getIssuanceMethod","console","log","push","isEBSI","keyTypeFromCryptographicSuite","crv","clientId","isManagedIdentifierDidResult","opts","cryptographic_binding_methods_supported","didMethods","warn","SupportedDidMethodEnum","DID_KEY","signing_algs_supported","proof_types_supported","jwt","proof_signing_alg_values_supported","ldp_vp","cwt","credential_signing_alg_values_supported","supportedPreferences","suite","JoseSignatureAlgorithm","ES256","fallback","startFirstPartApplicationMachine","openID4VCIClientState","stateNavigationListener","contact","firstPartyMachineInstance","FirstPartyMachine","newInstance","onTransition","state","matches","FirstPartyMachineStateTypes","done","authorizationCodeResponse","aborted","declined","start","oid4vciHolderContextMethods","logger","Loggers","DEFAULT","get","signCallback","identifier","context","nonce","jwt","kid","noIssPayloadUpdate","resolution","agent","identifierManagedGet","jwk","header","method","undefined","issuer","payload","iss","Promise","reject","Error","JSON","stringify","console","log","jwtCreateJwsCompactSignature","protectedHeader","OID4VCIHolder","hasher","eventTypes","OID4VCIHolderEvent","CONTACT_IDENTITY_CREATED","CREDENTIAL_STORED","IDENTIFIER_CREATED","methods","oid4vciHolderStart","bind","oid4vciHolderGetIssuerMetadata","oid4vciHolderGetMachineInterpreter","oid4vciHolderPrepareAuthorizationRequest","oid4vciHolderCreateCredentialsToSelectFrom","oid4vciHolderGetContact","oid4vciHolderGetCredentials","oid4vciHolderGetCredential","oid4vciHolderAddContactIdentity","oid4vciHolderAssertValidCredentials","oid4vciHolderStoreCredentialBranding","oid4vciHolderStoreCredentials","oid4vciHolderSendNotification","oid4vciHolderGetIssuerBranding","oid4vciHolderStoreIssuerBranding","vcFormatPreferences","jsonldCryptographicSuitePreferences","didMethodPreferences","SupportedDidMethodEnum","DID_JWK","DID_KEY","DID_OYD","DID_EBSI","DID_ION","jwtCryptographicSuitePreferences","JoseSignatureAlgorithm","ES256","ES256K","EdDSA","DEFAULT_MOBILE_REDIRECT_URI","DefaultURISchemes","CREDENTIAL_OFFER","defaultAuthorizationRequestOpts","redirectUri","onContactIdentityCreated","onCredentialStored","onIdentifierCreated","onVerifyEBSICredentialIssuer","options","defaultAuthorizationRequestOptions","defaultHasher","undefined","length","onEvent","event","context","type","data","Promise","reject","Error","opts","authorizationRequestOpts","services","OID4VCIMachineServices","start","args","startFirstPartApplicationFlow","startFirstPartApplicationMachine","stateNavigationListener","firstPartyStateNavigationListener","createCredentialsToSelectFrom","prepareAuthorizationRequest","getContact","getCredentials","accessTokenOpts","addContactIdentity","getIssuerBranding","storeIssuerBranding","assertValidCredentials","storeCredentialBranding","storeCredentials","sendNotification","getFederationTrust","oid4vciMachineInstanceArgs","interpreter","OID4VCIMachine","newInstance","requestData","uri","authorizationDetails","asArray","startsWith","clientId","formats","authFormats","map","detail","format","filter","Array","from","Set","oid4vciClient","offer","existingClientState","OpenID4VCIClientV1_0_15","fromState","state","credentialOffer","RequestType","OPENID_INITIATE_ISSUANCE","OPENID_CREDENTIAL_OFFER","match","CredentialOfferClient","fromURI","logger","warning","log","fromCredentialIssuer","credentialIssuer","authorizationRequest","createAuthorizationRequestURL","configurationIds","original_credential_offer","credential_configuration_ids","authReqOpts","credential_configuration_id","id","credentialsSupported","getCredentialConfigsSupportedMerged","client","serverMetadata","retrieveServerMetadata","credentialBranding","getCredentialBranding","oid4vciClientState","JSON","parse","exportState","openID4VCIClientState","contact","identities","identity","connectionConfig","connection","config","find","authorizationCodeURL","createAuthorizationRequestUrl","locale","selectedCredentials","info","Object","keys","join","credentialSelection","all","entries","credentialConfigSupported","credentialTypes","getTypesFromObject","localeBranding","_brandings","supported","credentialAlias","selectCredentialLocaleBranding","alias","uuidv4","credentialId","isSelected","sel","push","stringify","names","credentialIssuerMetadata","display","name","size","correlationId","URL","issuer","hostname","identifier","legalName","displayName","parties","agent","cmGetContacts","party","verificationCode","issuanceOpt","walletType","debug","issuanceOpts","getIssuanceOpts","selectDidMethodPreferences","forceIssuanceOpt","pin","allCredentials","supportedDidMethodEnums","isArray","DID_WEB","getIdentifierOpts","alg","signatureAlgorithmFromKey","key","jwk","isManagedIdentifierJwkResult","callbacks","signCallback","isManagedIdentifierDidResult","did","asOpts","kid","clientOpts","isEBSI","includes","split","signCallbacks","acquireAccessToken","authorizationResponse","authorizationCodeResponse","additionalRequestParams","types","credentialConfigurationId","credentialDefinition","getCredentialDefinition","credentialResponse","acquireCredentials","proofCallbacks","deferredCredentialAwait","jti","credential","mapCredentialToAccept","credentialToAccept","error","credentialsToAccept","identifierType","CorrelationIdentifierType","DID","toLowerCase","origin","IdentityOrigin","EXTERNAL","roles","CredentialRole","ISSUER","ConnectionType","OPENID_CONNECT","clientSecret","scopes","redirectUrl","dangerouslyAllowInsecureHttpRequests","clientAuthMethod","emit","contactId","cmAddIdentity","issuerCorrelationId","branding","ibGetIssuerBranding","getBasicIssuerLocaleBranding","dynamicRegistrationClientMetadata","issuerBranding","ibAddIssuerBranding","verifyCredentialToAccept","mappedCredential","schemaValidation","counter","configId","ac","credAccept","cred","ibAddCredentialBranding","vcHash","computeEntryHash","rawVerifiableCredential","b","trimmed","input","trim","mappedCredentialToAccept","kmsKeyRef","method","persist","verifiableCredential","uniformVerifiableCredential","notificationId","notification_id","subjectIssuance","credential_subject_issuance","notificationEndpoint","notification_endpoint","holderCredential","notification_events_supported","issuerVC","extractCredentialFromResponse","wrappedIssuerVC","CredentialMapper","toWrappedVerifiableCredential","console","isWrappedSdJwtVerifiableCredential","decoded","sub","isWrappedW3CVerifiableCredential","credentialSubject","idFromW3cCredentialSubject","isWrappedMdocCredential","parseDid","accessTokenResponse","decodedJwt","decodeJWT","access_token","payload","resolution","identifierManagedGet","holderCredentialToSign","proofFormat","iss","vc","proof","issuanceDate","iat","issuedVC","createVerifiableCredential","fetchRemoteContexts","save","storedCredentialToOriginalFormat","notificationRequest","stored","persistCredential","issuerCorrelationIdFromIssuerType","subjectCorrelationType","subjectCorrelationId","determineSubjectCorrelation","persistedCredential","crsAddCredential","rawDocument","ensureRawDocument","identifierMethod","credentialRole","HOLDER","issuerCorrelationType","CredentialCorrelationType","hash","OpenID4VCIClient","trustAnchors","url","params","URLSearchParams","search","openidFederation","get","entityIdentifier","warn","toString","result","identifierExternalResolveByOIDFEntityId","trustedAnchors","errorOnNotFound","MetadataClient","retrieveAllMetadata","isManagedIdentifierResult","isManagedIdentifierDidOpts","isManagedIdentifierKidResult","KID","isManagedIdentifierX5cResult","X509_SAN","x5c","isManagedIdentifierX5cOpts","credential_definition","import_ssi_types","logger","Loggers","DEFAULT","options","defaultLogLevel","LogLevel","DEBUG","methods","LogMethod","CONSOLE","get","OID4VCICallbackStateListener","callbacks","oid4vciMachine","state","_event","type","debug","info","JSON","stringify","value","size","stateKey","callback","matches","log","then","catch","error","message","event","stack","import_oid4vci_client","import_oid4vci_common","import_ssi_sdk","OID4VCIHolderLinkHandler","LinkHandlerAdapter","context","stateNavigationListener","firstPartyStateNavigationListener","noStateMachinePersistence","walletType","authorizationRequestOpts","clientOpts","trustAnchors","args","id","handle","url","opts","uri","URL","toString","offerData","convertURIToJsonObject","hasCode","code","undefined","oid4vciMachine","agent","oid4vciHolderGetMachineInterpreter","requestData","credentialOffer","CredentialOfferClient","fromURI","createAuthorizationRequestURL","flowType","clientId","clientAssertionType","interpreter","machineState","availableMethods","includes","stateType","interpreterStartOrResume","cleanupAllOtherInstances","cleanupOnFinalState","singletonCheck","noRegistration","start","send","OID4VCIMachineEvents","PROVIDE_AUTHORIZATION_CODE_RESPONSE","data"]}